From 42a23098de6ad9166166c2124b1504df223e40ec Mon Sep 17 00:00:00 2001 From: Rossen Stoyanchev Date: Wed, 21 Apr 2021 17:28:14 +0100 Subject: [PATCH] Update docs on Principal controller method arguments Closes gh-26791 --- src/docs/asciidoc/web/webmvc.adoc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/docs/asciidoc/web/webmvc.adoc b/src/docs/asciidoc/web/webmvc.adoc index 0e8bdec9b0..f058f3319b 100644 --- a/src/docs/asciidoc/web/webmvc.adoc +++ b/src/docs/asciidoc/web/webmvc.adoc @@ -2003,6 +2003,12 @@ and others) and is equivalent to `required=false`. | `java.security.Principal` | Currently authenticated user -- possibly a specific `Principal` implementation class if known. + Note that this argument is not resolved eagerly, if it is annotated in order to allow a custom resolver to resolve it + before falling back on default resolution resolution via `HttpServletRequest#getUserPrincipal`. + For example, the Spring Security `Authentication` implements `Principal` and would be injected as such via + `HttpServletRequest#getUserPrincipal`, unless it is also annotated with `@AuthenticationPrincipal` in which case it + is resolved by a custom Spring Security resolver through `Authentication#getPrincipal`. + | `HttpMethod` | The HTTP method of the request.