Spring Security rolePrefix with empty string returns HTTP 400 as of version 6.0.3

Describe the bug In version 6.0.3 our application returns a HTTP 400 with message Administrator should not start with since is automatically prepended when using hasAnyRole. Consider using hasAnyAuthority instead. This is an IllegalArgumentException

Change is here (check on the prefix which triggers on empty string) AuthorityAuthorizationManager.java#L128

This is because we use rolePrefix "" (empty string)

final JwtGrantedAuthoritiesConverter authoritiesConverter = new JwtGrantedAuthoritiesConverter();
        authoritiesConverter.setAuthorityPrefix("");
        ....

GrantedAuthorityDefaults grantedAuthorityDefaults() {
        return new GrantedAuthorityDefaults("");
    }

When using rolePrefix empty string Jsr250AuthorizationManager it calls return AuthorityAuthorizationManager.hasAnyRole(Jsr250AuthorizationManager.this.rolePrefix,

To Reproduce Set rolePrefix to empty String

Expected behavior If allowed for security reasons same behavior as version 6.0.2, allow empty string for role prefix.

Comment From: jzheaux

Thanks, @mbreevoort, I've assigned this to the next maintenance release.