My app gets an AUTH_USER request header with username from Oracle Access Manager SSO. Spring Security "Additional Topics" 2.2.1 has an example of "PreAuth" that seems to be what I need, but not a full working example.

我的应用程序从 Oracle Access Manager SSO 获取带有用户名的 AUTH_USER 请求标头。Spring Security“附加主题”2.2.1有一个“PreAuth”的例子，这似乎是我需要的，但不是一个完整的工作例子。

Snippets below are from docs/examples, not working annotation-based configuration.

下面的片段来自文档/示例，而不是基于注释的配置。

Siteminder Example Configuration - using XML with a RequestHeaderAuthenticationFilterand PreAuthenticatedAuthenticationProviderand a UserDetailsService to lookup users.

Siteminder 示例配置 - 使用 XML 与RequestHeaderAuthenticationFilter和PreAuthenticatedAuthenticationProvider以及 UserDetailsS​​ervice 来查找用户。

How does this map to Java-based config?

这如何映射到基于 Java 的配置？

<security:http>
  <!-- Additional http configuration omitted -->
  <security:custom-filter position="PRE_AUTH_FILTER" ref="siteminderFilter" />
</security:http>

<bean id="siteminderFilter" class="org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">
  <property name="principalRequestHeader" value="AUTH_USER"/>
  <property name="authenticationManager" ref="authenticationManager" />
</bean>

<bean id="preauthAuthProvider" class="org.springframework.security.web.authentication.preauth.    PreAuthenticatedAuthenticationProvider">
  <property name="preAuthenticatedUserDetailsService">
    <bean id="userDetailsServiceWrapper"
          class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
      <property name="userDetailsService" ref="userDetailsService"/>
    </bean>
  </property>
</bean>

<security:authentication-manager alias="authenticationManager">
   <security:authentication-provider ref="preauthAuthProvider" />
</security:authentication-manager>

The Spring Security preauth example has a completely different setup (the XML config is even more intimidating). No mention of the pre-auth filter or how to set the header name.

Spring Security preauth 示例有一个完全不同的设置（XML 配置更令人生畏）。没有提到预认证过滤器或如何设置标题名称。

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/login","/resources/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .jee()
                .mappableRoles("USER","ADMIN");
    }
}

The spring-boot-sample-web-secure extends WebMvcConfigurerAdapter instead of WebSecurityConfigurerAdapter, and just does basic form-based logins, no info on how to get userid from pre-auth AUTH_USER header.

spring-boot-sample-web-secure 扩展了 WebMvcConfigurerAdapter 而不是 WebSecurityConfigurerAdapter，并且只进行基于表单的基本登录，没有关于如何从 pre-auth AUTH_USER 标头获取用户 ID 的信息。

public class SampleWebSecureApplication extends WebMvcConfigurerAdapter {

... omitted...

    @Bean
    public ApplicationSecurity applicationSecurity() {
        return new ApplicationSecurity();
    }

    @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
    protected static class ApplicationSecurity extends WebSecurityConfigurerAdapter {

        @Autowired
        private SecurityProperties security;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests().anyRequest().fullyAuthenticated().and().formLogin()
                    .loginPage("/login").failureUrl("/login?error").permitAll();
        }
    }

}

I've read many references/articles but they do not seem to related to current code and Spring-boot, so stuck trying to understand how to configure the app pre-auth security.

我已经阅读了许多参考资料/文章，但它们似乎与当前代码和 Spring-boot 无关，因此一直试图了解如何配置应用程序预认证安全性。