We are experiencing problems with the getLegendGraphic request when using an external style at a secure url.
To fetch the external style the authorization header must be forwarded. For the getMap request
it works nicely using the authorisation forwarding feature implemented in https://osgeo-org.atlassian.net/browse/GEOS-10501
We expected that other requests would also work but the authorization header forwarding appears to be only implemented for the getMap request.
In order to generate the correct legend it is important that this also works for the getLegendGraphic request.
We would like to fix this, is it ok to create an issue to fix this or were there other motives to not forward the header for these requests.
Steps to reproduce:
You will need a shapefile and an associated sld stored in a secured external location.
Build & start geoserver locally
login to localhost:8080/geoserver/web/ (admin, geoserver)
go to security → url checks and switch the checks off or create a proper regex for the external style server.
go to services → wms → Allowed Style URLs for Authorization headers forwarding → add the host of the external style server
create a store for instance using a shapefile
download shape file attached to this task
stores → new store> shapefile
layers → new layer → select [layer ]-> publish
store the layer
test the layer
send get requests with an authorization header
Many of us were at a code sprint when you sent this message. You are very welcome to work on the same enhancement for GetLegendGraphics (and GetFeatureInfo would need it also).
You could ask the author of GEOS-10501 if they had any reason for only fixing it one location; they may not of been aware of how the other end-points worked.
Thanks for participating in GeoServer development.
Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni circostanza inerente alla presente email (il suo contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le sarei comunque grato se potesse darmene notizia.
This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail