Add support for auto-configuring ExpressionJwtGrantedAuthoritiesConverter

[kalgon]

Currently, the auto-configured JwtAuthenticationConverter (defined in OAuth2ResourceServerJwtConfiguration) uses a JwtGrantedAuthoritiesConverter. It would be nice if an ExpressionJwtGrantedAuthoritiesConverter would be used if there is a property spring.security.oauth2.resourceserver.jwt.authorities-claim-expression.

[wilkinsona]

Thanks for the suggestion. On the fact of it, this seems reasonable. However, I'm not sure exactly how ExpressionJwtGrantedAuthoritiesConverter is typically used, in particular its javadoc mentions using it in combination with DelegatingJwtGrantedAuthoritiesConverter which may not lend itself to property-based configuration. I couldn't find anything in Spring Security's documentation so I have opened spring-projects/spring-security#18300.

[kalgon]

Personally, I am not using it with a DelegatingJwtGrantedAuthoritiesConverter. I am defining a JwtAuthenticationConverter the same way it is defined in OAuth2ResourceServerJwtConfiguration but with an ExpressionJwtGrantedAuthoritiesConverter (instead of a regular JwtGrantedAuthoritiesConverter) so that I could have the following in my configuration (I am using keycloak):

spring.security.oauth2.resourceserver.jwt.authorities-claim-expression=["resource_access"]["my.client.id"]["roles"]