Implementing a Provider for validating the passed Principal

In a Spring deployment with principal-based security (Security.Authentication.Mode = principal), you may want to validate the passed principal on the server side. For that purpose you can implement the interface

Implementing the Interface

The interface allows you to validate the given principal:

@SPI(status = Status.Stable, useRestriction = UseRestriction.Public)
public interface PrincipalValidator {
   boolean isValid(Principal principal);
}

By default, a principal validator is configured whose validation always returns true, i.e. every principal is considered valid.

public class AlwaysValidPrincipalValidator implements PrincipalValidator {
   // Accepts every principal without inspecting it.
   public boolean isValid(Principal ignored) {
      return true;
   }
}

Specifying another Principal Validator

Another principal validator may be specified by setting the server-side property Security.Principal.Validator in your file to the fully qualified class name of the class which should be used as principal validator.
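
As an added example (not code from the product or from this page): a fail-closed validator of the kind that could be registered through Security.Principal.Validator in place of the always-true default. The nested PrincipalValidator interface is a stand-in for the SPI shown above, and the class names, the account@realm naming policy and the realm allow-list are assumptions made for illustration.

```java
import java.security.Principal;
import java.util.Locale;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class StrictPrincipalValidatorDemo {

   // Stand-in for the product SPI shown above, so the example compiles alone;
   // in a real deployment implement the product's PrincipalValidator instead.
   interface PrincipalValidator {
      boolean isValid(Principal principal);
   }

   // Hypothetical fail-closed validator: anything not explicitly accepted is rejected.
   static class StrictPrincipalValidator implements PrincipalValidator {
      // Assumed naming policy: "account@realm" with a conservative character set.
      private static final Pattern NAME =
            Pattern.compile("[A-Za-z0-9._-]{1,64}@([A-Za-z0-9.-]{1,64})");
      // Assumed allow-list of realms (constructed sample values).
      private static final Set<String> REALMS = Set.of("corp.example", "ops.example");

      @Override
      public boolean isValid(Principal principal) {
         if (principal == null || principal.getName() == null) {
            return false; // no identity was passed at all
         }
         Matcher m = NAME.matcher(principal.getName());
         // matches() anchors the whole string, so padding or control
         // characters around an otherwise valid name are rejected too.
         return m.matches() && REALMS.contains(m.group(1).toLowerCase(Locale.ROOT));
      }
   }

   public static void main(String[] args) {
      PrincipalValidator v = new StrictPrincipalValidator();
      // Constructed sample principals; Principal has a single abstract method.
      String[] names = { "alice@corp.example", "bob@unknown.example", "", "eve@corp.example\n" };
      for (String n : names) {
         Principal p = () -> n;
         System.out.println("'" + n.strip() + "' -> " + v.isValid(p));
      }
      System.out.println("null -> " + v.isValid(null));
   }
}
```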

Generating a Signature in a clustered Environment

In a clustered environment, it is recommended to configure a signature for authenticated principals so that the nodes do not each generate their own value, which would be incompatible with the other nodes. You can set this signature via the server-side property Security.Principal.Secret. Principals with invalid signatures will be denied. If this property is not set, a randomized value will be generated.