Remove unnecessary isExplicitlySet flag

The isExplicitlySet flag was used to ensure that an explicitly configured
authoritiesClaimName is always returned. However, in the current implementation, if the claim is not present in the JWT, no authorities are added regardless of whether the name is explicitly set or not.

Since there is no fallback to other claim names, the presence of this flag does not change the outcome and can be safely removed.

Signed-off-by: chanbinme <[email protected]>

Author: chanbinme

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtGrantedAuthoritiesConverter.java

@@ -55,8 +55,6 @@ public final class JwtGrantedAuthoritiesConverter implements Converter<Jwt, Coll
 
 	private Collection<String> authoritiesClaimNames = WELL_KNOWN_AUTHORITIES_CLAIM_NAMES;
 
-	private boolean isExplicitlySet = false;
-
 	/**
 	 * Extract {@link GrantedAuthority}s from the given {@link Jwt}.
 	 * @param jwt The {@link Jwt} token
@@ -105,13 +103,9 @@ public void setAuthoritiesClaimDelimiter(String authoritiesClaimDelimiter) {
 	public void setAuthoritiesClaimName(String authoritiesClaimName) {
 		Assert.hasText(authoritiesClaimName, "authoritiesClaimName cannot be empty");
 		this.authoritiesClaimNames = Collections.singletonList(authoritiesClaimName);
-		this.isExplicitlySet = true;
 	}
 
 	private String getAuthoritiesClaimName(Jwt jwt) {
-		if (this.isExplicitlySet) {
-			return this.authoritiesClaimNames.iterator().next();
-		}
 		for (String claimName : this.authoritiesClaimNames) {
 			if (jwt.hasClaim(claimName)) {
 				return claimName;