Jeff,You and I have discussed this before.Esri widgets don't like token appended urls. When the api makes requests it checks the layer._getToken() to see if the service is secured. At 3.0 the api stopped checking to see if the layer url was in fact token appended (in favor of Identity Manager and the detriment of the developer).The work around is to reset layer.url w/o the token after creating but before adding the layer to the map. I use an json to load layers and in so use "secured" and "token" params to append the url when creating the layer and then reset it.// layer json (layerInfo below) { type: 'dynamic', id: 'vertcontrol', url: 'https://some_server/arcgis/rest/services/Control/Vertical_Control/MapServer', name: 'Vertical Control', secured: true, token: 'some_token' }
// in layer loading class // create layer var li = lang.mixin({ secured: false, token: null, visible: false, opacity: 1, imageFormat: 'png32', dpi: 96, sublayers: true, identify: true, query: true }, layerInfo); this.layerInfo = li; var ip = new ImageParams(); ip.format = li.imageFormat; ip.dpi = li.dpi; this.layer = new Dynamic((li.secured) ? li.url + '?token=' + li.token : li.url, { id: li.id, imageParameters: ip, visible: li.visible, opacity: li.opacity }); this.layer.mapx = li; // reset url if (li.secured) { this.layer.url = li.url; }
You can also use layer._getToken() for your own requests thereafter:_getLegend: function (deferred, layer) { var url = layer.url; if (!isNaN(parseInt(url.charAt(url.length - 1), 10))) { url = url.replace('FeatureServer', 'MapServer'); url = url.substring(0, url.length - 2); } esriRequest({ url: url + '/legend', callbackParamName: 'callback', content: { f: 'json', token: (typeof layer._getToken === 'function') ? layer._getToken() : null } }, { usePost: this.usePost }).then(function (r) { deferred.resolve(r); }, function (e) { console.log(e); deferred.reject('getLegend::an error occurred retrieving legend'); }); },
