diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
index bf828ed22aa0e..fa4f6d557009e 100644
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
@@ -163,7 +163,9 @@ private function addAccessControlSection(ArrayNodeDefinition $rootNode)
                     ->prototype('array')
                         ->fixXmlConfig('ip')
                         ->fixXmlConfig('method')
+                        ->fixXmlConfig('role')
                         ->children()
+                            ->scalarNode('matcher')->defaultNull()->end()
                             ->scalarNode('requires_channel')->defaultNull()->end()
                             ->scalarNode('path')
                                 ->defaultNull()
@@ -180,9 +182,6 @@ private function addAccessControlSection(ArrayNodeDefinition $rootNode)
                                 ->prototype('scalar')->end()
                             ->end()
                             ->scalarNode('allow_if')->defaultNull()->end()
-                        ->end()
-                        ->fixXmlConfig('role')
-                        ->children()
                             ->arrayNode('roles')
                                 ->beforeNormalization()->ifString()->then(function ($v) { return preg_split('/\s*,\s*/', $v); })->end()
                                 ->prototype('scalar')->end()
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
index 4398a2a36d433..e191e71235feb 100644
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -195,13 +195,11 @@ private function createAuthorization($config, ContainerBuilder $container)
         ));
 
         foreach ($config['access_control'] as $access) {
-            $matcher = $this->createRequestMatcher(
-                $container,
-                $access['path'],
-                $access['host'],
-                $access['methods'],
-                $access['ips']
-            );
+            if (null !== $access['matcher']) {
+                $matcher = new Reference($access['matcher']);
+            } else {
+                $matcher = $this->createRequestMatcher($container, $access['path'], $access['host'], $access['methods'], $access['ips']);
+            }
 
             $attributes = $access['roles'];
             if ($access['allow_if']) {
diff --git a/src/Symfony/Component/HttpFoundation/ChainRequestMatcher.php b/src/Symfony/Component/HttpFoundation/ChainRequestMatcher.php
new file mode 100644
index 0000000000000..e64a9e4c4a34f
--- /dev/null
+++ b/src/Symfony/Component/HttpFoundation/ChainRequestMatcher.php
@@ -0,0 +1,42 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\HttpFoundation;
+
+/**
+ * @author Roland Franssen <franssen.roland@gmail.com>
+ */
+class ChainRequestMatcher implements RequestMatcherInterface
+{
+    private $matchers;
+
+    /**
+     * @param RequestMatcherInterface[] $matchers
+     */
+    public function __construct(array $matchers)
+    {
+        $this->matchers = $matchers;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function matches(Request $request)
+    {
+        foreach ($this->matchers as $matcher) {
+            if (!$matcher->matches($request)) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+}