diff --git a/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
index 57693d9314..84a5ae3149 100644
--- a/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
@@ -135,7 +135,7 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit
if (useExpressions) {
logger.info("Creating access control expression attribute '" + access + "' for " + path);
// The single expression will be parsed later by the ExpressionFilterInvocationSecurityMetadataSource
- attributeBuilder.setFactoryMethod("createList");
+ attributeBuilder.setFactoryMethod("createSingleAttributeList");
} else {
attributeBuilder.setFactoryMethod("createListFromCommaDelimitedString");
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java
index 64c9fe4691..12f0342fcc 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java
@@ -1004,7 +1004,7 @@ public class HttpSecurityBeanDefinitionParserTests {
public void expressionBasedAccessAllowsAndDeniesAccessAsExpected() throws Exception {
setContext(
" " +
- " " +
+ " " +
" " +
" " + AUTH_PROVIDER_XML);
diff --git a/core/src/main/java/org/springframework/security/access/SecurityConfig.java b/core/src/main/java/org/springframework/security/access/SecurityConfig.java
index e3ac56dae3..f13300844d 100644
--- a/core/src/main/java/org/springframework/security/access/SecurityConfig.java
+++ b/core/src/main/java/org/springframework/security/access/SecurityConfig.java
@@ -67,8 +67,12 @@ public class SecurityConfig implements ConfigAttribute {
return createList(StringUtils.commaDelimitedListToStringArray(access));
}
+ public final static List createSingleAttributeList(String access) {
+ return createList(access);
+ }
+
public final static List createList(String... attributeNames) {
- Assert.notNull(attributeNames, "You must supply a list of argument names");
+ Assert.notNull(attributeNames, "You must supply an array of attribute names");
List attributes = new ArrayList(attributeNames.length);
for (String attribute : attributeNames) {