Benjamin Mikkelsen (
https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=70121%3A58b98fe0-d7c8-414e-8053-0906eaa91683
) *created* an issue
GeoServer (
https://osgeo-org.atlassian.net/browse/GEOS?atlOrigin=eyJpIjoiOTYyNzQ5Yjk2YWU5NGIzMzg0NmJmYmNiMDM2ZjAwNmUiLCJwIjoiaiJ9
) / Bug (
https://osgeo-org.atlassian.net/browse/GEOS-10974?atlOrigin=eyJpIjoiOTYyNzQ5Yjk2YWU5NGIzMzg0NmJmYmNiMDM2ZjAwNmUiLCJwIjoiaiJ9
) GEOS-10974 (
https://osgeo-org.atlassian.net/browse/GEOS-10974?atlOrigin=eyJpIjoiOTYyNzQ5Yjk2YWU5NGIzMzg0NmJmYmNiMDM2ZjAwNmUiLCJwIjoiaiJ9
) GetLegendGraphics with WMS Cascading doesn't use authentication (
https://osgeo-org.atlassian.net/browse/GEOS-10974?atlOrigin=eyJpIjoiOTYyNzQ5Yjk2YWU5NGIzMzg0NmJmYmNiMDM2ZjAwNmUiLCJwIjoiaiJ9
)
Issue Type: Bug Affects Versions: 2.23.0 Assignee: Unassigned Components: WMS
Created: 11/May/23 10:43 AM Priority: Medium Reporter: Benjamin Mikkelsen (
https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=70121%3A58b98fe0-d7c8-414e-8053-0906eaa91683
)
Hello,
I'm experiencing an issue with GeoServer 2.23 while using WMS Cascading to
fetch some layers from 3rd party sources. Some of these sources require Basic
Authentication, while others don't. Although adding a WMS store with Basic
Authentication works for most request-types, it only doesn't for the
GetLegendGraphics endpoint.
When I call the GetLegendGraphics endpoint, I receive a blank 1x1 pixel with
HTTP Code 200. After investigating the issue, it appears that GeoServer is not
sending the Authorization-header for the GetLegendGraphics-request. I contacted
the provider of the external GeoServer, who confirmed that the header is
missing for the GetLegendGraphics-requests.
Here are the steps to reproduce the issue:
Create a GeoServer (version 2.23.0)
Create a WMS Store Connection under Data --> Stores --> Add new store -->
Selecting WMS under 'Other Data Sources'
Give the store a name (e.g. BasicAuthTest)
Insert GetCapabilitiesURL, Username, and Password (the WMS connection must be
protected by Basic Authentication)
Save the store and import a layer.
Call the following URL via the browser:
http://GEOSERVER_DOMAIN:PORT/geoserver/wms?REQUEST=GetLegendGraphic&VERSION=1.3.0&FORMAT=image/png&WIDTH=20&HEIGHT=20&LAYER=LAYERNAME_HERE
I believe the root cause of this issue is the missing Authorization-header for
the GetLegendGraphics-request, which is resulting in a blank 1x1 pixel.
The expected behavior would be that the Authorization-header is send.
The header correctly send to the GetCapabilities, GetMap and GetFeatureInfo
requests.
I would appreciate it if you could investigate this issue and provide a fix as
soon as possible.
Thank you.
(
https://osgeo-org.atlassian.net/browse/GEOS-10974#add-comment?atlOrigin=eyJpIjoiOTYyNzQ5Yjk2YWU5NGIzMzg0NmJmYmNiMDM2ZjAwNmUiLCJwIjoiaiJ9
) Add Comment (
https://osgeo-org.atlassian.net/browse/GEOS-10974#add-comment?atlOrigin=eyJpIjoiOTYyNzQ5Yjk2YWU5NGIzMzg0NmJmYmNiMDM2ZjAwNmUiLCJwIjoiaiJ9
)
Get Jira notifications on your phone! Download the Jira Cloud app for Android (
https://play.google.com/store/apps/details?id=com.atlassian.android.jira.core&referrer=utm_source%3DNotificationLink%26utm_medium%3DEmail
) or iOS (
https://itunes.apple.com/app/apple-store/id1006972087?pt=696495&ct=EmailNotificationLink&mt=8
) This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100225-
sha1:84d3b45 )
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
