A Principal is a Java interface. A programmer-written PrincipalImpl object implements the Principal interface, along with the Serializable interface, a name string, a getName() method that returns this string, and other support methods such as hashCode(), toString(), and equals().

Principals are added to the Subject during the login process. As we will see later, declarative authorization is based on entries in a policy file. When an authorization request is made, the system's authorization policy is compared with the Principals contained in the Subject. Authorization is granted if the Subject has a Principal that meets the security requirement in the policy file; otherwise it is denied.