Let me explain the reason for this question.
 
From the SO answer ( https://stackoverflow.com/a/5025140/5057736 ):
 
"Principal - A subset of subject that is represented by an account, role or 
other unique identifier. When we get to the level of implementation details, 
principals are the unique keys we use in access control lists. They may 
represent human users, automation, applications, connections, etc.
…
Subject/Object inherits from the same terms as used in grammar. In a sentence 
the subject is the actor and the object is the thing acted on. "
 
So, Principal is a subset of Subject → principal is an actor.
 
However, in Shiro, a Principal is any identifying attribute of an application 
user (Subject).
 
So, I am trying to understand which it is: 1) The SO answer is wrong. 2) Shiro 
is wrong. 3) I understand everything wrong.
 
If #2, then AuthenticationToken should be
 
import java.io.Serializable;

public interface AuthenticationToken extends Serializable {
    public Object getPrincipalId(); // added "Id"
    public Object getCredentials();
}
 
 
 
--
Best regards, Alex Orlov
>Wednesday, 4 November 2020, 15:01 +03:00 from Benjamin Marwell <[email protected]>:
> 
>Correct.
> 
>To complete the picture:
> 
>https://shiro.apache.org/terminology.html
> 
>Also, the PrincipalCollection knows which realms the user is known in. This is 
>why most methods return such a collection, not a single Principal.
> 
>Most apps only have one realm, but they could have multiple realms. E.g. LDAP 
>and a config file.
>
>
>     
>On Wed, 4 Nov 2020, 12:30 Andreas Reichel, < [email protected] > 
>wrote:
>> 
>> 
>> 
>>On Wed, 2020-11-04 at 13:07 +0300, Alex Orlov wrote:
>>>So, could anyone explain what is Principal — is it a User or User.getId()?
>>> 
>> 
>>Good afternoon Alex.
>> 
>>While I am just a Shiro user (but not a developer), my understanding is that 
>>a Principal is anything you (or a service) can authenticate or authorize 
>>against.
>>Any entity you can send to a service and get a response ("yes" 
>>authenticated) for is a principal.
>> 
>>The nature of this principal depends on the service itself.
>>If the authentication service expects a Username, then this Username is a 
>>Principal. But if the service expects a Global Unique Token, then this 
>>Username would not qualify as a Principal (but the Token would).
>> 
>>Cheers!
>>Andreas
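
The following is an added example, not code from this thread or from the Shiro project: it shows one Subject carrying several principals (identifying attributes) that a PrincipalCollection groups by realm, as discussed above. The realm names and the values "alex" and 42 are constructed for illustration, and shiro-core is assumed to be on the classpath.

```java
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;

import java.util.Collection;

public class PrincipalDemo {

    // Hypothetical realm names, chosen for this example only.
    static final String LDAP_REALM = "ldapRealm";
    static final String FILE_REALM = "iniRealm";

    // Builds what a two-realm login could leave on the Subject:
    // several identifying attributes, each tagged with the realm that supplied it.
    static PrincipalCollection buildPrincipals() {
        SimplePrincipalCollection principals = new SimplePrincipalCollection();
        principals.add("alex", LDAP_REALM);            // username known to LDAP
        principals.add(Long.valueOf(42L), LDAP_REALM); // constructed numeric user id
        principals.add("alex", FILE_REALM);            // same username from a config file
        return principals;
    }

    public static void main(String[] args) {
        PrincipalCollection principals = buildPrincipals();

        // SimplePrincipalCollection treats the first principal in iteration
        // order as the primary one; it is an attribute, not the Subject itself.
        System.out.println("primary: " + principals.getPrimaryPrincipal());

        // The collection records which realms know this user.
        for (String realm : principals.getRealmNames()) {
            Collection<?> fromRealm = principals.fromRealm(realm);
            System.out.println(realm + " -> " + fromRealm);
        }

        // Authorization code that needs a stable key can ask for a principal
        // by type instead of assuming the primary principal is a username.
        Long userId = principals.oneByType(Long.class);
        System.out.println("user id: " + userId);
    }
}
```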
