diff --git a/core/src/main/java/org/springframework/security/expression/support/WebSecurityExpressionRoot.java b/core/src/main/java/org/springframework/security/expression/support/WebSecurityExpressionRoot.java
index 18bf814fb1..bffb905337 100644
--- a/core/src/main/java/org/springframework/security/expression/support/WebSecurityExpressionRoot.java
+++ b/core/src/main/java/org/springframework/security/expression/support/WebSecurityExpressionRoot.java
@@ -1,7 +1,11 @@
 package org.springframework.security.expression.support;
 
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+
 import org.springframework.security.Authentication;
 import org.springframework.security.intercept.web.FilterInvocation;
+import org.springframework.util.StringUtils;
 
 /**
 *
@@ -16,4 +20,34 @@ class WebSecurityExpressionRoot extends SecurityExpressionRoot {
 super(a);
 this.filterInvocation = fi;
 }
+
+ public boolean hasIpAddress(String ipAddress) {
+ byte[] mask = null;
+
+ if (ipAddress.indexOf('/') > 0) {
+ String[] addressAndMask = StringUtils.split(ipAddress, "/");
+ ipAddress = addressAndMask[0];
+ try {
+ mask = InetAddress.getByName(addressAndMask[1]).getAddress();
+ } catch (UnknownHostException e) {
+ throw new IllegalArgumentException("Failed to parse mask" + addressAndMask[1], e);
+ }
+ }
+
+ try {
+ InetAddress requiredAddress = InetAddress.getByName(ipAddress);
+ InetAddress remoteAddress = InetAddress.getByName(filterInvocation.getHttpRequest().getRemoteAddr());
+
+ if (mask == null) {
+ return remoteAddress.equals(requiredAddress);
+ } else {
+
+ }
+// byte[] remoteAddress = InetAddress.getByName(filterInvocation.getHttpRequest().getRemoteAddr()).getAddress();
+ } catch (UnknownHostException e) {
+ throw new IllegalArgumentException("Failed to parse " + ipAddress, e);
+ }
+
+ return false;
+ }
 }
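Review bot: The `else` branch taken when a mask is supplied is empty, so an expression of the form `hasIpAddress("address/mask")` falls through to `return false` and the rule silently never matches; it should compare the masked address bytes as in the sketch below (or throw until implemented), and the commented-out `byte[] remoteAddress` line can then go. `InetAddress.getByName` performs a name lookup when its argument is not an IP literal, so both the required address and the mask can make the access decision depend on DNS; rejecting non-literal input before the call would avoid that. `getRemoteAddr()` is the address of the directly connected peer, which behind a reverse proxy is presumably the proxy rather than the client, and the method's Javadoc should say so. The message `"Failed to parse mask"` is missing a trailing space before the concatenated value.

```java
            // … unchanged: mask parsing and the two InetAddress lookups …
            if (mask == null) {
                return remoteAddress.equals(requiredAddress);
            } else {
                byte[] required = requiredAddress.getAddress();
                byte[] remote = remoteAddress.getAddress();
                // Different address families, or a mask of the wrong length, never match.
                if (required.length != mask.length || remote.length != mask.length) {
                    return false;
                }
                for (int i = 0; i < mask.length; i++) {
                    if ((remote[i] & mask[i]) != (required[i] & mask[i])) {
                        return false;
                    }
                }
                return true;
            }
            // … unchanged: catch (UnknownHostException e) and the final return false …
```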
diff --git a/core/src/test/java/org/springframework/security/expression/support/WebSecurityExpressionRootTests.java b/core/src/test/java/org/springframework/security/expression/support/WebSecurityExpressionRootTests.java
new file mode 100644
index 0000000000..80d3691f84
--- /dev/null
+++ b/core/src/test/java/org/springframework/security/expression/support/WebSecurityExpressionRootTests.java
@@ -0,0 +1,25 @@
+package org.springframework.security.expression.support;
+
+import static org.junit.Assert.*;
+
+import org.jmock.Mockery;
+import org.jmock.integration.junit4.JUnit4Mockery;
+import org.junit.Test;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.security.Authentication;
+import org.springframework.security.intercept.web.FilterInvocation;
+import org.springframework.security.util.FilterInvocationUtils;
+
+public class WebSecurityExpressionRootTests {
+ Mockery jmock = new JUnit4Mockery();
+
+ @Test
+ public void ipAddressMatchesForEqualIpAddresses() throws Exception {
+ FilterInvocation fi = FilterInvocationUtils.create("/test");
+ MockHttpServletRequest request = (MockHttpServletRequest) fi.getHttpRequest();
+ request.setRemoteAddr("192.168.1.1");
+ WebSecurityExpressionRoot root = new WebSecurityExpressionRoot(jmock.mock(Authentication.class), fi);
+
+ assertTrue(root.hasIpAddress("192.168.1.1"));
+ }
+}
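Review bot: Only the positive exact-match case is exercised, so nothing here would catch a wrong allow decision or cover the `address/mask` form that `hasIpAddress` also accepts. Add a negative assertion such as `assertFalse(root.hasIpAddress("192.168.1.2"));`, a case with a masked argument, and one for unparseable input that expects `IllegalArgumentException`.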