diff --git a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
index e11b52b39b..f3ac8d6a42 100644
--- a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
@@ -75,11 +75,6 @@ class HttpConfigurationBuilder {
 
     private static final String ATT_REF = "ref";
 
-    private static final String ATT_SECURED = "security";
-    private static final String OPT_SECURITY_NONE = "none";
-    private static final String OPT_SECURITY_CONTEXT_ONLY = "contextOnly";
-
-
     private final Element httpElt;
     private final ParserContext pc;
     private final SessionCreationPolicy sessionPolicy;
@@ -112,7 +107,7 @@ class HttpConfigurationBuilder {
             if (StringUtils.hasText(urlElt.getAttribute(ATT_FILTERS))) {
                 pc.getReaderContext().error("The use of \"filters='none'\" is no longer supported. Please define a" +
                         " separate <http> element for the pattern you want to exclude and use the attribute" +
-                        " \"secured='false'\".", pc.extractSource(urlElt));
+                        " \"security='none'\".", pc.extractSource(urlElt));
             }
         }
 
diff --git a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
index 0c1af2800c..f332e08716 100644
--- a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
@@ -93,9 +93,9 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
     }
 
     List<BeanMetadataElement> createFilterChain(Element element, ParserContext pc, MatcherType matcherType) {
-        String security = element.getAttribute(ATT_SECURED);
+        boolean secured = !OPT_SECURITY_NONE.equals(element.getAttribute(ATT_SECURED));
 
-        if (StringUtils.hasText(security)) {
+        if (!secured) {
             if (!StringUtils.hasText(element.getAttribute(ATT_PATH_PATTERN))) {
                 pc.getReaderContext().error("The '" + ATT_SECURED + "' attribute must be used in combination with" +
                         " the '" + ATT_PATH_PATTERN +"' attribute.", pc.extractSource(element));
@@ -103,16 +103,12 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 
             for (int n=0; n < element.getChildNodes().getLength(); n ++) {
                 if (element.getChildNodes().item(n) instanceof Element) {
-                    pc.getReaderContext().error("If you are using <htt> to define an unsecured pattern, " +
+                    pc.getReaderContext().error("If you are using <http> to define an unsecured pattern, " +
                             "it cannot contain child elements.",  pc.extractSource(element));
                 }
             }
 
-            if (security.equals(OPT_SECURITY_NONE)) {
-                return Collections.emptyList();
-            }
-
-
+            return Collections.emptyList();
         }
 
         final String portMapperName = createPortMapper(element, pc);