Merge branch '7.0.x'

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/DelegatingJwtGrantedAuthoritiesConverter.java

@@ -30,6 +30,23 @@ import org.springframework.util.Assert;
  * A {@link Jwt} to {@link GrantedAuthority} {@link Converter} that is a composite of
  * converters.
  *
+ * <p>
+ * This is handy when needing to read authorities from multiple locations in a JWT; each
+ * underlying converter is called in series and the results are aggregated into a single
+ * collection of authorities.
+ *
+ * <p>
+ * For example, you might have a claim called "scope" and another called "roles". With
+ * {@link DelegatingJwtGrantedAuthoritiesConverter}, you can do:
+ *
+ * <code>
+ *   JwtGrantedAuthoritiesConverter scopes = new JwtGrantedAuthoritiesConverter();
+ *   JwtGrantedAuthoritiesConverter roles = new JwtGrantedAUthoritiesConverter();
+ *   roles.setAuthoritiesClaimName("roles");
+ *   roles.setAuthorityPrefix("ROLE_");
+ *   return new DelegatingJwtGrantedAuthoritiesConverter(scopes, roles);
+ * </code>
+ *
  * @author Laszlo Stahorszki
  * @author Josh Cummings
  * @since 5.5

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/ExpressionJwtGrantedAuthoritiesConverter.java

@@ -36,9 +36,6 @@ import org.springframework.util.Assert;
  * Uses an expression for extracting the token claim value to use for mapping
  * {@link GrantedAuthority authorities}.
  *
- * Note this can be used in combination with a
- * {@link DelegatingJwtGrantedAuthoritiesConverter}.
- *
  * @author Thomas Darimont
  * @since 6.4
  */