Tries to extract a unique key for the principal If this is not possible, return
null
if the principal equals
GeoServerUser#ROOT_USERNAME
null
must be
returned. (Never cache this user)
For pre-authentication filters, the name of the principal is sufficient. All other filters
should include some information derived from the credentials, otherwise an attacker could
authenticate using only the principal information.
As an example, the derived information could be an md5 checksum of the credentials
If there is an already existing HTTP Session, this method should return null
If the HTTP request attribute named
GeoServerSecurityContextPersistenceFilter.ALLOWSESSIONCREATION_ATTR is true, this method
should return null