A quick update,
First, the Apache Shiro team wants to thank qianji @ OPPO ZIWU Cyber
Security Lab for reporting the issue responsibly [0]
Second, if you are NOT using Shiro’s Spring Boot Starter
(`shiro-spring-boot-web-starter`), you must configure add the
ShiroRequestMappingConfig auto
Sort of, the Subject would be the actor, the Subject has principals
On Wed, Nov 4, 2020 at 11:34 AM Alex Orlov wrote:
> Thank you for such a detailed explanation. As a result, just to check that
> my understanding is correct, can we say:
>
> Principal is a subset of Subject, so Principal is an
Thank you for such a detailed explanation. As a result, just to check that my
understanding is correct, can we say:
Principal is a subset of Subject, so Principal is an actor. However, as Shiro
supports different security types, Shiro uses Principal as an actor’s
identifying attribute for
The SO answer looks pretty good to me, but it's pretty high level.
You also need to take into account how they are used in context and naming
conventions (e.g. Java has `java.security.Principal`)
A principal could be any object, it's commonly a String, i.e. a username or
email address. These may
Let me explain the reason for this question.
From the SO answer ( https://stackoverflow.com/a/5025140/5057736 ):
"Principal - A subset of subject that is represented by an account, role or
other unique identifier. When we get to the level of implementation details,
principals are the
Could you explain what is correct? The question is if a principal is an ACTOR or
ACTOR’S attribute. Everyone should agree that user != username, shouldn’t he?
--
Best regards, Alex Orlov
>Wednesday, 4 November 2020, 15:01 +03:00 from Benjamin Marwell:
>
>Correct.
>
>To complete the picture:
>
Correct.
To complete the picture:
https://shiro.apache.org/terminology.html
Also, the PrincipalCollection knows which realms the user is known in. This
is why most methods return such a collection, not a single Principal.
Most apps only have one realm, but they could have multiple realms. E.g.
On Wed, 2020-11-04 at 13:07 +0300, Alex Orlov wrote:
> So, could anyone explain what is Principal — is it a User or
> User.getId()?
>
Good afternoon Alex.
While I am just a Shiro user (but not a developer), my understanding
is that a Principal is anything you (or a service) can authenticate
Hi all,
I am learning Shiro and have difficulty understanding what a Principal is
in Shiro.
As I understand from this https://stackoverflow.com/a/5025140/5057736
Principal is a higher
level of user, system etc. For example, if in our application can work human
users, external