Hi Supun,

As I said in HipChat, this is a good and needed change to properly enforce authorization at the API level. Thanks for fixing this up. Let's go for it.

Suresh

> On Dec 11, 2015, at 10:17 PM, Supun Nakandala <[email protected]> wrote:
>
> Hi devs,
>
> Currently in the Airavata API we use the gatewayId only for some API methods like createExperiment, registerApplication, etc. I would like to suggest that we move this field to SecurityToken and make it mandatory for all API methods. For API methods that require the gatewayId, we can read it from there.
>
> By making gatewayId a mandatory field in SecurityToken, in the API it is easy to implement access control to the API in a multi-tenanted scenario.
>
> Any concerns?
>
> Thanks
> Supun
