On Wed, 2020-11-04 at 13:07 +0300, Alex Orlov wrote: > So, could anyone explain what is Principal — is it a User or > User.getId()? >
Good afternoon Alex. while I am just a Shiro user (but not a developer), my understanding is, that a Principal is anything you (or a service) can authenticate or authorize against. Any entity, you can send to a service and get a response ( "yes" authenticated) for, is a principal. The nature of this principal depends on the service itself. If the authentication service expects a Username, then this Username is a Principal. But if the service expects a Global Unique Token, then this Username would not qualify as a Principal (but the Token would). Cheers! Andreas
