[Geoserver-devel] [JIRA] (GEOS-10974) GetLegendGraphics with WMS Cascading doesn't use authentication

Benjamin Mikkelsen created an issue

GeoServer / Bug GEOS-10974

GetLegendGraphics with WMS Cascading doesn’t use authentication

11/May/23 10:43 AM




Benjamin Mikkelsen


I’m experiencing an issue with GeoServer 2.23 while using WMS Cascading to fetch some layers from 3rd party sources. Some of these sources require Basic Authentication, while others don’t. Although adding a WMS store with Basic Authentication works for most request types, the only one it doesn’t work for is the GetLegendGraphics endpoint.

When I call the GetLegendGraphics endpoint, I receive a blank 1x1 pixel with HTTP Code 200. After investigating the issue, it appears that GeoServer is not sending the Authorization-header for the GetLegendGraphics-request. I contacted the provider of the external GeoServer, who confirmed that the header is missing for the GetLegendGraphics-requests.

Here are the steps to reproduce the issue:

1. Create a GeoServer (version 2.23.0)
2. Create a WMS Store Connection under Data –> Stores –> Add new store –> Selecting WMS under ‘Other Data Sources’
3. Give the store a name (e.g. BasicAuthTest)
4. Insert GetCapabilitiesURL, Username, and Password (the WMS connection must be protected by Basic Authentication)
5. Save the store and import a layer.
6. Call the following URL via the browser: http://GEOSERVER_DOMAIN:PORT/geoserver/wms?REQUEST=GetLegendGraphic&VERSION=1.3.0&FORMAT=image/png&WIDTH=20&HEIGHT=20&LAYER=LAYERNAME_HERE

I believe the root cause of this issue is the missing Authorization-header for the GetLegendGraphics-request, which is resulting in a blank 1x1 pixel.

The expected behavior would be that the Authorization-header is sent.

The header is correctly sent to the GetCapabilities, GetMap and GetFeatureInfo requests.

I would appreciate it if you could investigate this issue and provide a fix as soon as possible.

Thank you.
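
One way the operator of the protected upstream WMS could confirm which operations arrive without credentials, as an added example that is not part of the original issue or of GeoServer: it groups access-log requests by their WMS REQUEST parameter and reports operations never seen with an authenticated user. It assumes the upstream writes Common Log Format, where the third field is the HTTP-authenticated user and "-" means none; the log lines, IP address and user name are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

# Constructed sample lines in Common Log Format (not taken from the issue).
# Field 3 is the user from HTTP authentication; "-" means no credentials.
SAMPLE_LOG = """\
203.0.113.7 - svc_geoserver [11/May/2023:10:40:01 +0000] "GET /wms?SERVICE=WMS&REQUEST=GetCapabilities&VERSION=1.3.0 HTTP/1.1" 200 48211
203.0.113.7 - svc_geoserver [11/May/2023:10:40:05 +0000] "GET /wms?service=WMS&request=GetMap&layers=roads HTTP/1.1" 200 20480
203.0.113.7 - svc_geoserver [11/May/2023:10:40:09 +0000] "GET /wms?SERVICE=WMS&REQUEST=GetFeatureInfo&LAYERS=roads HTTP/1.1" 200 512
203.0.113.7 - - [11/May/2023:10:40:12 +0000] "GET /wms?SERVICE=WMS&REQUEST=GetLegendGraphic&LAYER=roads HTTP/1.1" 401 0
"""

CLF = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+')


def auth_by_operation(log_text, client_ip=None):
    """Count, per WMS REQUEST value, requests with and without an authenticated user."""
    stats = defaultdict(lambda: {"with_auth": 0, "without_auth": 0})
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # not a Common Log Format line
        ip, user, target = m.groups()
        if client_ip and ip != client_ip:
            continue  # only look at the cascading GeoServer's address
        # WMS parameter names are case-insensitive, so normalise the keys.
        query = {k.upper(): v[0] for k, v in parse_qs(urlparse(target).query).items()}
        op = query.get("REQUEST")
        if op is None:
            continue  # not a WMS request
        stats[op]["without_auth" if user == "-" else "with_auth"] += 1
    return dict(stats)


def unauthenticated_operations(stats):
    """Operations that were requested but never seen with credentials."""
    return sorted(op for op, c in stats.items()
                  if c["with_auth"] == 0 and c["without_auth"] > 0)


if __name__ == "__main__":
    stats = auth_by_operation(SAMPLE_LOG, client_ip="203.0.113.7")
    for op, counts in sorted(stats.items()):
        print(f"{op:18} {counts}")
    print("never authenticated:", unauthenticated_operations(stats))
```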
