diff --git a/config/src/main/java/org/springframework/security/config/CustomFilterBeanDefinitionDecorator.java b/config/src/main/java/org/springframework/security/config/CustomFilterBeanDefinitionDecorator.java
new file mode 100644
index 0000000000..0a51f1debe
--- /dev/null
+++ b/config/src/main/java/org/springframework/security/config/CustomFilterBeanDefinitionDecorator.java
@@ -0,0 +1,26 @@
+package org.springframework.security.config;
+
+import org.springframework.beans.factory.config.BeanDefinitionHolder;
+import org.springframework.beans.factory.xml.BeanDefinitionDecorator;
+import org.springframework.beans.factory.xml.ParserContext;
+import org.w3c.dom.Node;
+
+/**
+ * No longer used in Spring Security 3, other than to report a warning. The <custom-filter> elements should
+ * be placed within the <http> block. See SEC-1186.
+ *
+ * @author Luke Taylor
+ * @version $Id$
+ */
+public class CustomFilterBeanDefinitionDecorator implements BeanDefinitionDecorator {
+
+ public BeanDefinitionHolder decorate(Node node, BeanDefinitionHolder holder, ParserContext parserContext) {
+ parserContext.getReaderContext().warning("The use of within a filter bean declaration " +
+ "is not supported in Spring Security 3.0+. If you are using Spring 3.0+, you should be place the " +
+ " element within the " +
+ " block in our configuration and add a 'ref' attribute which points to your filter bean",
+ parserContext.extractSource(node));
+
+ return holder;
+ }
+}