diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java
index be51530e9b..229404e442 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java
@@ -17,6 +17,7 @@ package org.springframework.security.authentication.jaas;
 import java.io.File;
 import java.io.IOException;
+import java.net.URL;
 import java.security.Principal;
 import java.security.Security;
 import java.util.ArrayList;
@@ -244,8 +245,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
 *
 */
 private void configureJaasUsingLoop() throws IOException {
- File loginConfigFile = loginConfig.getFile();
- String loginConfigUrl = loginConfigFile.toURL().toString();
+ String loginConfigUrl = convertLoginConfigToUrl();
 boolean alreadySet = false;
 int n = 1;
@@ -269,6 +269,17 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
 }
 }
+ private String convertLoginConfigToUrl() throws IOException {
+ String loginConfigPath = loginConfig.getFile().getAbsolutePath();
+ loginConfigPath.replace(File.separatorChar, '/');
+
+ if (!loginConfigPath.startsWith("/")) {
+ loginConfigPath = "/" + loginConfigPath;
+ }
+
+ return new URL("file", "", loginConfigPath).toString();
+ }
+
 /**
 * Handles the logout by getting the SecurityContext for the session that was destroyed. MUST NOT use
 * SecurityContextHolder as we are logging out a session that is not related to the current user.
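Review bot: In the new `convertLoginConfigToUrl()` the return value of `loginConfigPath.replace(File.separatorChar, '/')` is discarded, so the separator normalisation never happens because Java strings are immutable. On a platform whose separator is not `/` the URL is therefore built from the raw path (for example with backslashes and a drive letter behind the prepended `/`). The line should read `loginConfigPath = loginConfigPath.replace(File.separatorChar, '/');`. This string is what `configureJaasUsingLoop()` goes on to use as the JAAS login configuration location (the loop body is outside the hunk), so a malformed URL would presumably surface as a configuration that fails to load rather than as an error here. A unit test with a Windows-style path and one with a space in it would pin the intended form, and a short Javadoc should state that the three-argument `URL` constructor is used as-is and that the path is not percent-encoded.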