diff --git a/web/src/main/java/org/springframework/security/web/util/ELRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/ELRequestMatcher.java
new file mode 100644
index 0000000000..06314acbf5
--- /dev/null
+++ b/web/src/main/java/org/springframework/security/web/util/ELRequestMatcher.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2010 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.web.util;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.springframework.expression.EvaluationContext;
+import org.springframework.expression.Expression;
+import org.springframework.expression.spel.standard.SpelExpressionParser;
+import org.springframework.expression.spel.support.StandardEvaluationContext;
+import org.springframework.security.access.expression.ExpressionUtils;
+
+/**
+ * @author Mike Wiesner
+ * @since 3.0.2
+ * @version $Id:$
+ */
+public class ELRequestMatcher implements RequestMatcher {
+
+    private Expression expression;
+
+    public ELRequestMatcher(String el) {
+        SpelExpressionParser parser = new SpelExpressionParser();
+        expression = parser.parseExpression(el);
+    }
+
+    public boolean matches(HttpServletRequest request) {
+        EvaluationContext context = createELContext(request);
+        return ExpressionUtils.evaluateAsBoolean(expression, context);
+    }
+
+    /**
+     * Subclasses can override this methode if they want to use a different EL root context
+     * 
+     * @return EL root context which is used to evaluate the expression
+     */
+    public EvaluationContext createELContext(HttpServletRequest request) {
+        return new StandardEvaluationContext(new ELRequestMatcherContext(request));
+    }
+
+}
diff --git a/web/src/main/java/org/springframework/security/web/util/ELRequestMatcherContext.java b/web/src/main/java/org/springframework/security/web/util/ELRequestMatcherContext.java
new file mode 100644
index 0000000000..f51329ebf9
--- /dev/null
+++ b/web/src/main/java/org/springframework/security/web/util/ELRequestMatcherContext.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2009 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.web.util;
+
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.springframework.util.StringUtils;
+
+class ELRequestMatcherContext {
+
+    private HttpServletRequest request;
+
+    public ELRequestMatcherContext(HttpServletRequest request) {
+        this.request = request;
+    }
+
+    @SuppressWarnings("unused")
+    public boolean hasIpAddress(String ipAddress) {
+        return (new IpAddressMatcher(ipAddress).matches(request));
+    }
+    
+    @SuppressWarnings("unused")
+    public boolean hasHeader(String headerName, String value) {
+        String header = request.getHeader(headerName);
+        if (StringUtils.hasText(header) == false) {
+            return false;
+        }
+        
+        if (header.contains(value)) {
+            return true;
+        }
+        
+        return false;
+    }
+
+}
\ No newline at end of file
diff --git a/web/src/test/java/org/springframework/security/web/util/ELRequestMatcherTest.java b/web/src/test/java/org/springframework/security/web/util/ELRequestMatcherTest.java
new file mode 100644
index 0000000000..31ce2a055a
--- /dev/null
+++ b/web/src/test/java/org/springframework/security/web/util/ELRequestMatcherTest.java
@@ -0,0 +1,89 @@
+/*
+ * Copyright 2010 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.web.util;
+
+import static org.junit.Assert.*;
+
+import org.junit.Test;
+import org.springframework.mock.web.MockHttpServletRequest;
+
+/**
+ * @author Mike Wiesner
+ * @since 3.0.2
+ */
+public class ELRequestMatcherTest {
+
+    @Test
+    public void testHasIpAddressTrue() throws Exception {
+        ELRequestMatcher requestMatcher = new ELRequestMatcher("hasIpAddress('1.1.1.1')");
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.setRemoteAddr("1.1.1.1");
+
+        assertTrue(requestMatcher.matches(request));
+    }
+
+    @Test
+    public void testHasIpAddressFalse() throws Exception {
+        ELRequestMatcher requestMatcher = new ELRequestMatcher("hasIpAddress('1.1.1.1')");
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.setRemoteAddr("1.1.1.2");
+
+        assertFalse(requestMatcher.matches(request));
+    }
+
+    @Test
+    public void testHasHeaderTrue() throws Exception {
+        ELRequestMatcher requestMatcher = new ELRequestMatcher("hasHeader('User-Agent','MSIE')");
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.addHeader("User-Agent", "MSIE");
+
+        assertTrue(requestMatcher.matches(request));
+    }
+
+    @Test
+    public void testHasHeaderTwoEntries() throws Exception {
+        ELRequestMatcher requestMatcher = new ELRequestMatcher(
+                "hasHeader('User-Agent','MSIE') or hasHeader('User-Agent','Mozilla')");
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.addHeader("User-Agent", "MSIE");
+
+        assertTrue(requestMatcher.matches(request));
+
+        request = new MockHttpServletRequest();
+        request.addHeader("User-Agent", "Mozilla");
+
+        assertTrue(requestMatcher.matches(request));
+
+    }
+
+    @Test
+    public void testHasHeaderFalse() throws Exception {
+        ELRequestMatcher requestMatcher = new ELRequestMatcher("hasHeader('User-Agent','MSIE')");
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.addHeader("User-Agent", "wrong");
+
+        assertFalse(requestMatcher.matches(request));
+    }
+
+    @Test
+    public void testHasHeaderNull() throws Exception {
+        ELRequestMatcher requestMatcher = new ELRequestMatcher("hasHeader('User-Agent','MSIE')");
+        MockHttpServletRequest request = new MockHttpServletRequest();
+
+        assertFalse(requestMatcher.matches(request));
+    }
+
+}