The principal isthe currently logged in user. However, you retrieve it through the security context which is bound to the current thread and as such it's also bound to the current request and its session.

主体是当前登录的用户。但是，您通过绑定到当前线程的安全上下文检索它，因此它也绑定到当前请求及其会话。

SecurityContextHolder.getContext()internally obtains the current SecurityContextimplementation through a ThreadLocalvariable. Because a request is bound to a single thread this will get you the context of the current request.

SecurityContextHolder.getContext()内部SecurityContext通过一个ThreadLocal变量获取当前的实现。因为请求绑定到单个线程，这将为您提供当前请求的上下文。

To simplify you could say that the security context is in the session and contains user/principal and roles/authorities.

为简化起见，您可以说安全上下文在会话中并包含用户/主体和角色/权限。

How do I retrieve a specific user?

如何检索特定用户？

You don't. All APIs are designed to allow access to the user & session of the current request. Let user A be one of 100 currently authenticated users. If A issues a request against your server it will allocate one thread to process that request. If you then do SecurityContextHolder.getContext().getAuthentication()you do so in the context of this thread. By default from within that thread you don't have access to the context of user B which is processed by a different thread.

你没有。所有 API 都旨在允许访问当前请求的用户和会话。让用户 A 成为 100 个当前已通过身份验证的用户之一。如果 A 向您的服务器发出请求，它将分配一个线程来处理该请求。如果你那么做，SecurityContextHolder.getContext().getAuthentication()你就在这个线程的上下文中这样做。默认情况下，在该线程内，您无权访问由不同线程处理的用户 B 的上下文。

And how do I differentiate between users that are doing requests?

以及如何区分正在执行请求的用户？

You don't have to, that's what the Servlet container does for you.

您不必这样做，这就是 Servlet 容器为您所做的。