What’s the “principal” in Spring Security?

Spring Security defines the notion of a principal, the currently logged-in user. When a user authenticates successfully, the principal is stored in Spring’s security context, which is thread-bound, thus making it available to the rest of our service.

Spring Security provides Authorization via Role-Based Access Control (RBAC). This means that a Principal has several Roles. Each resource (or operation) specifies which Roles a Principal must have to perform actions with proper authorization.
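The thread-bound context and the role check described above, as an added example (not code from the original post). It assumes `spring-security-core` is on the classpath; the class name `PrincipalDemo`, the user `alice` and her roles are constructed for illustration. It shows that a worker thread does not see the principal unless the context is propagated explicitly.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.concurrent.DelegatingSecurityContextExecutorService;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

public class PrincipalDemo {
    // Name of the principal bound to the calling thread, or "<none>" if there is none.
    static String currentUser() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        return auth == null ? "<none>" : auth.getName();
    }

    // RBAC check; Spring Security stores roles as authorities prefixed with "ROLE_".
    static boolean hasRole(String role) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        return auth != null && auth.getAuthorities().stream()
                .anyMatch(a -> a.getAuthority().equals("ROLE_" + role));
    }

    public static void main(String[] args) throws Exception {
        // Constructed principal standing in for a successful login.
        SecurityContext ctx = SecurityContextHolder.createEmptyContext();
        ctx.setAuthentication(new UsernamePasswordAuthenticationToken(
                "alice", null, AuthorityUtils.createAuthorityList("ROLE_USER")));
        SecurityContextHolder.setContext(ctx);

        Callable<String> whoAmI = PrincipalDemo::currentUser;
        ExecutorService plain = Executors.newSingleThreadExecutor();
        ExecutorService propagating =
                new DelegatingSecurityContextExecutorService(Executors.newSingleThreadExecutor());
        try {
            System.out.println("request thread:     " + currentUser());
            System.out.println("has USER role:      " + hasRole("USER"));
            System.out.println("has ADMIN role:     " + hasRole("ADMIN"));
            // Default strategy is thread-local: a plain worker has no principal.
            System.out.println("plain worker:       " + plain.submit(whoAmI).get());
            // The delegating executor copies the submitter's context to the worker.
            System.out.println("propagating worker: " + propagating.submit(whoAmI).get());
        } finally {
            plain.shutdown();
            propagating.shutdown();
            SecurityContextHolder.clearContext(); // avoid leaking the principal to a reused thread
        }
    }
}
```

Authorization checks that run on a thread without the propagated context see no principal, so asynchronous code should be written to fail closed in that case.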
