SEC-1380: Trim whitespace from config attributes when building a list in SecurityConfig.

config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java

@@ -316,7 +316,7 @@ public class HttpSecurityBeanDefinitionParserTests {
     public void lowerCaseComparisonIsRespectedBySecurityFilterInvocationDefinitionSource() throws Exception {
         setContext(
                 "    <http auto-config='true' path-type='ant' lowercase-comparisons='false'>" +
-                "        <intercept-url pattern='/Secure*' access='ROLE_A,ROLE_B' />" +
+                "        <intercept-url pattern='/Secure*' access='ROLE_A, ROLE_B' />" +
                 "        <intercept-url pattern='/**' access='ROLE_C' />" +
                 "    </http>" + AUTH_PROVIDER_XML);
 

core/src/main/java/org/springframework/security/access/SecurityConfig.java

@@ -75,7 +75,7 @@ public class SecurityConfig implements ConfigAttribute {
         List<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>(attributeNames.length);
 
         for (String attribute : attributeNames) {
-            attributes.add(new SecurityConfig(attribute));
+            attributes.add(new SecurityConfig(attribute.trim()));
         }
 
         return attributes;