Currently there is no API to retrieve all principals bound to a specific session (see https://issues.apache.org/jira/browse/JCRVLT-515). Session.getUserId() may at most return the user backing the first principal and https://www.javadoc.io/doc/org.apache.jackrabbit/jackrabbit-api/latest/org/apache/jackrabbit/api/JackrabbitSession.html does not expose any other method which can be used for that.
In Oak this can be simply implemented via ContentSession.getAuthInfo().getPrincipals()
- is caused by
JCRVLT-515 AdminPermissionChecker should evaluate all principals bound to the Session
- is related to
OAK-9416 Add bridge method to get Oak ContentSession from JCR Session
- links to