Authkey is currently not sent for WMS GetLegendGraphic requests

[tdipisa]

Description

Not sure it is a regression or a new bug, but it seems the authkey is not sent with MWS GetLegendGraphic requests.

How to reproduce

• Open the legend of a layer as authenticated user

Expected Result

The authkey param is sent as query parameter in WMSGetLegendGraphic requests performed by MS

Current Result

The authkey is not included

• Not browser related

Browser info

(use this site: https://www.whatsmybrowser.org/ for non expert users)

Browser Affected	Version
Internet Explorer
Edge
Chrome
Firefox
Safari

Other useful information

this is due to this if which is not true and there fore the authkey is not added. we should add this SLD when the requests comes from GetLegendGraphich

8b44c0e#diff-c8a7cdc28e2e637335975a5a48e6aafc95c21dd42f99d30d3714e2d4423f77a1R625

we can add an if clause here for authkey that adds it if the method is authkey
https://github.com/geosolutions-it/MapStore2/blob/master/web/client/components/misc/SecureImage.jsx#L34

DO NOT alter code for addAuthenticationToSLD, but prefer to use addAuthenticationParameter in SecureImage

[rowheat02]

Initial Investigation:
I have noticed a discrepancy between the dev and local(master).
Testing on: https://dev-mapstore.geosolutionsgroup.com/mapstore/#/context/demo_context/46500
Layer- alberi_pubblici
On dev, able to expand for the legend as its layer is not failing
On local(master) (logged in as the same user) - not able to expand as it is layer is already failing.
authKey is missing on local for GetMap also
Dev:

Local:

@tdipisa @MV88 Am I missing something on the config level?

[MV88]

@rowheat02
yes, you need to apply authentication rules that are stored in an external datadir for dev

https://github.com/geosolutions-it/mapstore-datadir/blob/DEV/configs/localConfig.json.patch#L107-L110

[rowheat02]

@MV88 I tried to add authKey if it matches the authRule, But found that specific legend(alberi_pubblici) is still failing but due to a different reason:

Case 1: Without Authkey as param in image URL- (status 200) No response

Case 2: With Authkey as param in image URL - ( status 200) With response but with dimensions 2*1 which is when a legend is unavailable from GeoServer. (validation code here)

It's creating confusion if the issue is in Geoserver. @tdipisa Do we have another authenticated layer from Geoserver to test?

Here is the draft PR adding authKey in SecureImage #10765

[MV88]

It would be better if you can add the request as curl in the post as well and the exported map in json
I also suggest to check logs in geoserver when you submit request if there is an error to inspect
For handling querystring i think you can use the package query-string

[tdipisa]

It's creating confusion if the issue is in Geoserver. @tdipisa Do we have another authenticated layer from Geoserver to test?

@rowheat02 there is no confusion here. The reason is simply that after #10684 the following legend options are used for GS:

&LEGEND_OPTIONS=hideEmptyRules%3Atrue%3BforceLabels%3Aon&SRCWIDTH=718

Where hideEmptyRules effectively hide legend rules not visible in the map viewport. You have to zoom to the layer to be able to see its features in map and so also the legend.

Simply try this request with a authkey and you will see the legend appearing as expected:

https://gs-stable.geo-solutions.it/geoserver/wms?service=WMS&request=GetLegendGraphic&format=image%2Fpng&height=12&width=12&layer=geosolutions%3Aalberi_pubblici&style=&version=1.3.0&SLD_VERSION=1.1.0&LEGEND_OPTIONS=hideEmptyRules%3Atrue%3BforceLabels%3Aon&SRCWIDTH=718&SRCHEIGHT=883&SRS=EPSG%3A3857&CRS=EPSG%3A3857&BBOX=1231977.9727568976%2C5413123.227160996%2C1259418.8659112756%2C5446870.175148898&LANGUAGE=en&SCALE=144448&authkey=XXXX-XXXX-XXXX-XXXX