
SEC-1679: Make sure whitespace is trimmed from cookie names when specifying multiple cookies.

Luke Taylor 14 년 전
부모
커밋
bc2448419b

+ 1 - 1
config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java

@@ -86,7 +86,7 @@ class LogoutBeanDefinitionParser implements BeanDefinitionParser {
 
         if (StringUtils.hasText(deleteCookies)) {
             BeanDefinition cookieDeleter = new RootBeanDefinition(CookieClearingLogoutHandler.class);
-            String[] names = StringUtils.commaDelimitedListToStringArray(deleteCookies);
+            String[] names = StringUtils.tokenizeToStringArray(deleteCookies, ",");
             cookieDeleter.getConstructorArgumentValues().addGenericArgumentValue(names);
             handlers.add(cookieDeleter);
         }
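Review bot: A `deleteCookies` value made up only of separators (for example `","` or `" , "`) still passes `StringUtils.hasText`, but `tokenizeToStringArray` drops empty tokens and returns an empty array for it. A `CookieClearingLogoutHandler` would then be registered with nothing to clear, and the cookies the configuration meant to remove would survive logout without any error. Consider rejecting that case right after the tokenize call, e.g. `if (names.length == 0) { /* report a configuration error through the parser's usual mechanism */ }`; how this parser reports errors is not visible in the hunk. A short comment on the changed line would also help, such as `// tokenize trims each name and skips empty entries; an untrimmed name would not match the cookie at logout`. The enclosing method starts and ends outside the hunk.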

+ 2 - 2
config/src/test/groovy/org/springframework/security/config/http/MiscHttpConfigTests.groovy

@@ -355,8 +355,8 @@ class MiscHttpConfigTests extends AbstractHttpConfigTests {
 
         expect:
         handlers[1] instanceof CookieClearingLogoutHandler
-        handlers[1].cookiesToClear[0] = 'JSESSIONID'
-        handlers[1].cookiesToClear[1] = 'mycookie'
+        handlers[1].cookiesToClear[0] == 'JSESSIONID'
+        handlers[1].cookiesToClear[1] == 'mycookie'
     }
 
     def invalidLogoutUrlIsDetected() {
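Review bot: The corrected assertions compare only indices 0 and 1, so an extra or empty trailing entry in `cookiesToClear` would still pass. Adding `handlers[1].cookiesToClear.size() == 2` to the `expect:` block would pin the exact set of cookie names the logout handler clears. The configuration string this test parses is outside the hunk; it is worth confirming that it contains whitespace around the comma, so the trimming fix in the parser is actually covered here.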