Just found the answer to this question after having the same problem.

The issue is in the jwt token generation

        return Jwts.builder()
                .setSubject(login)
                .setClaims(extraClaims)
                .setIssuedAt(new Date())
                .setExpiration(new Date(System.currentTimeMillis() + tokenValidity * 1000))
                .signWith(key)
                .compact();

If you look the the setSubject method you will find out that it's just a convenience method to set the sub claim if the Claims are not present. You are in fact filling a Claims object with the sub claim and then overriding it with your other extraClaims.

What i simply did was switch the order:

return Jwts.builder()
                  .setClaims(extraClaims)
                  .setSubject(login)
                  //etc

Guess you din't need the answer anymore, but maybe someone else will stumble here.