I'll take a look. IMO the current implementation is fine (for HTTP) - the issue is with receiving tokens over JMS, which is hardly a common use-case.
Colm. On Fri, Oct 30, 2015 at 1:50 PM, Christian Schneider < [email protected]> wrote: > I checked the code there. > > if > (msg.getContextualProperty(org.apache.cxf.message.Message.REQUEST_URL) != > null) { > > audiences.add((String)msg.getContextualProperty(org.apache.cxf.message.Message.REQUEST_URL)); > } > > So this adds the request URI as audience. Unfortunately there is no such > URI in JMS. I am not sure if the jms endpoint URI can be used here. > Technically I could add: > if > (msg.getContextualProperty(org.apache.cxf.message.Message.ENDPOINT_ADDRESS) > != null) { > > audiences.add((String)msg.getContextualProperty(org.apache.cxf.message.Message.ENDPOINT_ADDRESS)); > } > I am not sure though if this is the correct solution as ENDPOINT_ADDRESS > and REQUEST_URI are different things. > > Christian > > > On 30.10.2015 14:21, vbogatyrov wrote: > >> The list of restrictions is set in >> >> WSS4JInInterceptor.configureAudienceRestriction(SoapMessage msg, >> RequestData >> reqData) >> >> >> Thank you! >> >> >> >> -- >> View this message in context: >> http://cxf.547215.n5.nabble.com/Using-JMS-URI-as-a-SAML-audience-restriction-tp5762392p5762408.html >> Sent from the cxf-user mailing list archive at Nabble.com. >> > > > -- > Christian Schneider > http://www.liquid-reality.de > > Open Source Architect > http://www.talend.com > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
