diff --git a/src/DIRAC/FrameworkSystem/ConfigTemplate.cfg b/src/DIRAC/FrameworkSystem/ConfigTemplate.cfg index 99cc2aa2a2b..5abdb0e94e4 100644 --- a/src/DIRAC/FrameworkSystem/ConfigTemplate.cfg +++ b/src/DIRAC/FrameworkSystem/ConfigTemplate.cfg @@ -28,6 +28,20 @@ Services ##BEGIN TokenManager: # Section to describe TokenManager system TokenManager + { + Port = 9181 + # Description of rules for access to methods + Authorization + { + # Settings by default: + Default = authenticated + getUsersTokensInfo = ProxyManagement + } + } + ##END + ##BEGIN TornadoTokenManager: + # Section to describe TokenManager system + TornadoTokenManager { Protocol = https # Description of rules for access to methods diff --git a/src/DIRAC/FrameworkSystem/Service/TokenManagerHandler.py b/src/DIRAC/FrameworkSystem/Service/TokenManagerHandler.py index 2bcd6535671..e4007ad14cf 100644 --- a/src/DIRAC/FrameworkSystem/Service/TokenManagerHandler.py +++ b/src/DIRAC/FrameworkSystem/Service/TokenManagerHandler.py @@ -1,8 +1,6 @@ -"""TokenManager service is a HTTPs-exposed service responsible for token management, namely storing, updating, +"""TokenManager service is responsible for token management, namely storing, updating, requesting new tokens for DIRAC components that have the appropriate permissions. -.. note:: As a newly created service, it will not support the old DIPS protocol, which is living to its age. - .. literalinclude:: ../ConfigTemplate.cfg :start-after: ##BEGIN TokenManager: :end-before: ##END @@ -32,7 +30,6 @@ from DIRAC import S_OK, S_ERROR from DIRAC.Core.Security import Properties -from DIRAC.Core.Tornado.Server.TornadoService import TornadoService from DIRAC.FrameworkSystem.DB.TokenDB import TokenDB from DIRAC.ConfigurationSystem.Client.Helpers import Registry from DIRAC.Resources.IdProvider.IdProviderFactory import IdProviderFactory 
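Review bot: The new `TokenManager` section falls back to `Default = authenticated`, so every exported method without its own rule is open to any authenticated identity, and only `getUsersTokensInfo` is restricted in the lines shown. `export_getTokensByUserID`, visible in the handler diff, takes a caller-supplied `userID` and passes it straight to `TokenDB.getTokensByUserID`. Unless the handler class carries its own `auth_` rule for it (not shown here), it should be listed explicitly next to `getUsersTokensInfo = ProxyManagement` rather than left to the default. The comment copied above `TornadoTokenManager` still reads `# Section to describe TokenManager system`; `# Section to describe TornadoTokenManager system (HTTPS flavour)` would tell the two blocks apart. The `TornadoTokenManager` block continues past the end of the hunk.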
@@ -40,6 +37,7 @@ getIdProviderClient, getCachedKey, ) +from DIRAC.Core.DISET.RequestHandler import RequestHandler class TokenManagerHandlerMixin: @@ -284,5 +282,5 @@ def export_getTokensByUserID(self, userID: str): return self.__tokenDB.getTokensByUserID(userID) -class TokenManagerHandler(TokenManagerHandlerMixin, TornadoService): +class TokenManagerHandler(TokenManagerHandlerMixin, RequestHandler): pass diff --git a/src/DIRAC/FrameworkSystem/Service/DisetTokenManagerHandler.py b/src/DIRAC/FrameworkSystem/Service/TornadoTokenManagerHandler.py similarity index 79% rename from src/DIRAC/FrameworkSystem/Service/DisetTokenManagerHandler.py rename to src/DIRAC/FrameworkSystem/Service/TornadoTokenManagerHandler.py index fe9c1d90cfc..b010f0fbb2d 100644 --- a/src/DIRAC/FrameworkSystem/Service/DisetTokenManagerHandler.py +++ b/src/DIRAC/FrameworkSystem/Service/TornadoTokenManagerHandler.py @@ -1,4 +1,4 @@ -"""TokenManager service is responsible for token management, namely storing, updating, +"""TornadoTokenManager service is a HTTPs-exposed service responsible for token management, namely storing, updating, requesting new tokens for DIRAC components that have the appropriate permissions. .. literalinclude:: ../ConfigTemplate.cfg @@ -15,7 +15,7 @@ :alt: https://dirac.readthedocs.io/en/integration/_images/TokenManager_getToken.png (source https://github.com/TaykYoku/DIRACIMGS/raw/main/TokenManagerService_getToken.ai) The client has a mechanism for caching the received tokens. -This helps reduce the number of requests to both the service and the Identity Provider (IdP). +This helps reducing the number of requests to both the service and the Identity Provider (IdP). If the client has a valid **access token** in the cache, it is used until it expires. After that you need to update. The client can update it independently if on the server where it is in ``dirac.cfg`` 
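Review bot: `TokenManagerHandler` keeps its name but now derives from `RequestHandler` instead of `TornadoService`, and neither this class nor `TornadoTokenManagerHandler` in the last hunk says which transport it serves. For a service that manages tokens, that is worth a one-line docstring in place of the bare `pass`, e.g. `"""DISET flavour of the TokenManager service; the HTTPS one is TornadoTokenManagerHandler."""`. Installations whose `TokenManager` section was written from the old template (`Protocol = https`) would presumably have to move to `TornadoTokenManager`; if so, the module docstring or the release notes should say it. The mixin body is outside the hunk.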
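Review bot: The module docstring of `TornadoTokenManagerHandler.py` now describes `TornadoTokenManager`, but the `.. literalinclude:: ../ConfigTemplate.cfg` directive that closes the first hunk of the renamed file has its `:start-after:` option outside the hunk. In `TokenManagerHandler.py` the same option reads `##BEGIN TokenManager:`. If this file carries the same marker, the rendered page will show the DISET block (`Port = 9181`) under the HTTPS service, so it should be `:start-after: ##BEGIN TornadoTokenManager:`. The next hunk in this file also turns `helps reduce` into `helps reducing`; the earlier wording was the correct one.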
@@ -26,9 +26,9 @@ is taken and the **exchange token** request to Identity Provider is made. """ -from DIRAC.Core.DISET.RequestHandler import RequestHandler +from DIRAC.Core.Tornado.Server.TornadoService import TornadoService from DIRAC.FrameworkSystem.Service.TokenManagerHandler import TokenManagerHandlerMixin -class DisetTokenManagerHandler(TokenManagerHandlerMixin, RequestHandler): +class TornadoTokenManagerHandler(TokenManagerHandlerMixin, TornadoService): pass