diff --git a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
index 26a19612d8..9c1e20d86b 100644
--- a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
@@ -534,7 +534,7 @@ final class AuthenticationConfigBuilder {
         anonymousFilter = new RootBeanDefinition(AnonymousAuthenticationFilter.class);
         anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(0, key);
         anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(1, username);
-        anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(2, AuthorityUtils.createAuthorityList(grantedAuthority));
+        anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(2, AuthorityUtils.commaSeparatedStringToAuthorityList(grantedAuthority));
         anonymousFilter.setSource(source);
 
         RootBeanDefinition anonymousProviderBean = new RootBeanDefinition(AnonymousAuthenticationProvider.class);
diff --git a/config/src/test/groovy/org/springframework/security/config/http/MiscHttpConfigTests.groovy b/config/src/test/groovy/org/springframework/security/config/http/MiscHttpConfigTests.groovy
index 848e76d842..e9d32ed8a5 100644
--- a/config/src/test/groovy/org/springframework/security/config/http/MiscHttpConfigTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/http/MiscHttpConfigTests.groovy
@@ -212,6 +212,23 @@ class MiscHttpConfigTests extends AbstractHttpConfigTests {
         'anonymity' == filter.authorities[0].authority
     }
 
+    def anonymousSupportsMultipleGrantedAuthorities() {
+        xml.http {
+            'form-login'()
+            'anonymous'(username: 'joe', 'granted-authority':'ROLE_INVITADO,ROLE_PROFILE_INVITADO,ROLE_GRUPO_PUBLICO', key: 'customKey')
+        }
+        createAppContext()
+
+        AnonymousAuthenticationFilter filter = getFilter(AnonymousAuthenticationFilter);
+        def providers = appContext.getBeansOfType(AuthenticationManager).values()*.providers.flatten()
+
+        expect:
+        'customKey' == providers.find { it instanceof AnonymousAuthenticationProvider }.key
+        'customKey' == filter.key
+        'joe' == filter.principal
+        ['ROLE_INVITADO','ROLE_PROFILE_INVITADO','ROLE_GRUPO_PUBLICO'] == filter.authorities*.authority
+    }
+
     def httpMethodMatchIsSupported() {
         httpAutoConfig {
             interceptUrl '/secure*', 'DELETE', 'ROLE_SUPERVISOR'