What’s the “principal” in Spring Security?

Spring Security defines the notion of a principal: the currently logged-in user. When a user authenticates successfully, the principal is stored in Spring's security context. That context is bound to the current thread, which makes the principal available to the rest of our service code running on that thread.

Spring Security provides authorization via Role-Based Access Control (RBAC). This means that a principal has several roles, and each resource (or operation) specifies which roles a principal must have to be authorized to act on it.
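The following is an added example, not code from the original post. It shows the principal being read from the thread-bound security context, a role check against its authorities, and what happens on a second thread. It assumes `spring-security-core` on the classpath and the default holder strategy; the class `PrincipalDemo`, its helpers `currentUser` and `hasRole`, and the user `alice` are made up for illustration.

```java
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.concurrent.DelegatingSecurityContextRunnable;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

public class PrincipalDemo {

    // Name of the principal bound to the calling thread, or "anonymous" if there is none.
    static String currentUser() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        return (auth == null || !auth.isAuthenticated()) ? "anonymous" : auth.getName();
    }

    // RBAC check: Spring Security stores roles as authorities prefixed with "ROLE_".
    static boolean hasRole(String role) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        return auth != null && auth.getAuthorities().stream()
                .anyMatch(a -> a.getAuthority().equals("ROLE_" + role));
    }

    public static void main(String[] args) throws InterruptedException {
        // Constructed sample user; in a real service the authentication filter
        // populates the context after a successful login.
        UserDetails alice = User.withUsername("alice").password("{noop}unused").roles("USER").build();
        SecurityContext ctx = SecurityContextHolder.createEmptyContext();
        ctx.setAuthentication(
                new UsernamePasswordAuthenticationToken(alice, null, alice.getAuthorities()));
        SecurityContextHolder.setContext(ctx);
        try {
            System.out.println("request thread: " + currentUser()
                    + " USER=" + hasRole("USER") + " ADMIN=" + hasRole("ADMIN"));

            // A plain new thread does not inherit the thread-bound context.
            Thread plain = new Thread(() -> System.out.println("plain thread: " + currentUser()));
            // The wrapper captures the caller's context and installs it on the worker thread.
            Thread wrapped = new Thread(new DelegatingSecurityContextRunnable(
                    () -> System.out.println("wrapped thread: " + currentUser())));
            plain.start();
            plain.join();
            wrapped.start();
            wrapped.join();
        } finally {
            // Clear the context so a pooled thread does not leak this principal to the next task.
            SecurityContextHolder.clearContext();
        }
    }
}
```

Authorization checks that run on worker threads without an explicitly propagated context see no principal, so asynchronous code should use the `DelegatingSecurityContext*` wrappers rather than relying on inheritance.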
