在Spring 4中配置不带XML的Spring Security

我想用一个custom authentication filter:

捕获加密的标头令牌

验证之后,提取用户的详细信息,并以无状态方式将它们添加到当前请求的安全上下文中

我希望能够使用此安全上下文持有者来获取有关当前请求用户正确处理其请求的详细信息.

@RequestMapping(value = "/simple", method = RequestMethod.POST)
@ResponseBody
@Transactional
@Preauthorize(...)
public String simple(){
   //collect the user's current details from the getPrinciple() and complete the transaction...
    Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    return "Simple";
}

我以前用XML做过这样的事情:

但是,我希望这可以Spring Boot在非xml WebSecurityConfigurerAdapter中使用更新的应用程序,就像它们的Spring Boot文件中的示例一样:

    @Bean
    public ApplicationSecurity applicationSecurity() {
        return new ApplicationSecurity();
    }

    @Order(Ordered.LOWEST_PRECEDENCE - 8)
    protected static class ApplicationSecurity extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // this is obviously for a simple "login page" not a custom filter!
http.authorizeRequests().anyRequest().fullyAuthenticated().and().formLogin()
                        .loginPage("/login").failureUrl("/login?error").permitAll(); 
            }
        }

有什么建议或类似的例子吗？