Because principal() is more convenient than securityContext.principal, this function is a common pattern in many applications:

function principal(): User {
  return securityContext.principal;
}

We could also generate it automatically when an application contains a principal declaration principal is User with credentials name, password

Perhaps it should just be a global variable principal. Currently this is already the case in access control rules, where all the securityContext session entity properties are directly accessible as variables.

On the other hand, still having the function as an explicit read-only reference to principal also makes sense, since assigning to the principal typically only happens when logging in or emulating a login.

Submitted by Danny Groenewegen on 25 January 2013 at 14:05