diff --git a/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
index 6505a7701a..b1f340366d 100644
--- a/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
@@ -1,5 +1,8 @@
package org.springframework.security.config.http;
+import static org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.*;
+import static org.springframework.security.config.Elements.*;
+
import java.util.List;
import org.apache.commons.logging.Log;
@@ -112,6 +115,13 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit
if (!StringUtils.hasText(access)) {
continue;
}
+ String filters = urlElt.getAttribute(ATT_FILTERS);
+ if(OPT_FILTERS_NONE.equals(filters)) {
+ parserContext.getReaderContext().error(
+ "Ambiguous configuration. Cannot contain " + INTERCEPT_URL+"@" + ATT_FILTERS +
+ "=\"" + OPT_FILTERS_NONE + "\" and " + INTERCEPT_URL + "@" + ATT_ACCESS,
+ parserContext.extractSource(urlElt));
+ }
String path = urlElt.getAttribute(ATT_PATTERN);
diff --git a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
index 6dafcd3789..3d2ab82bc7 100644
--- a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
@@ -2,6 +2,7 @@ package org.springframework.security.config.http;
import static org.springframework.security.config.http.SecurityFilters.*;
import static org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.*;
+import static org.springframework.security.config.Elements.*;
import java.util.ArrayList;
import java.util.Collections;
@@ -393,6 +394,13 @@ class HttpConfigurationBuilder {
String requiredChannel = urlElt.getAttribute(ATT_REQUIRES_CHANNEL);
if (StringUtils.hasText(requiredChannel)) {
+ String filters = urlElt.getAttribute(ATT_FILTERS);
+ if(OPT_FILTERS_NONE.equals(filters)) {
+ pc.getReaderContext().error(
+ "Ambiguous configuration. Cannot contain " + INTERCEPT_URL+"@" + ATT_FILTERS +
+ "=\"" + OPT_FILTERS_NONE + "\" and " + INTERCEPT_URL + "@" + ATT_REQUIRES_CHANNEL,
+ pc.extractSource(urlElt));
+ }
BeanDefinition requestKey = new RootBeanDefinition(RequestKey.class);
requestKey.getConstructorArgumentValues().addGenericArgumentValue(path);
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java
index afac521328..0a94e12d81 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java
@@ -185,6 +185,29 @@ public class HttpSecurityBeanDefinitionParserTests {
assertTrue(filters.size() == 0);
}
+ @Test(expected=BeanDefinitionParsingException.class)
+ public void filtersEqualsNoneErrorsWithRequiresChannel() throws Exception {
+ setContext(
+ " " +
+ " " +
+ " " + AUTH_PROVIDER_XML);
+ }
+
+ @Test(expected=BeanDefinitionParsingException.class)
+ public void filtersEqualsNoneErrorsWithAccess() throws Exception {
+ setContext(
+ " " +
+ " " +
+ " " + AUTH_PROVIDER_XML);
+ }
+
+ @Test(expected=BeanDefinitionParsingException.class)
+ public void filtersEqualsNoneErrorsWithRequiresChannelAndAccess() throws Exception {
+ setContext(
+ " " +
+ " " +
+ " " + AUTH_PROVIDER_XML);
+ }
@Test
public void regexPathsWorkCorrectly() throws Exception {