diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
index 6ac5c63338..5c88548bcf 100644
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -280,14 +280,15 @@ class SecurityExtension extends Extension
         }
 
         $config->replaceArgument(1, (string) $matcher);
-        $config->replaceArgument(2, $firewall['security']);
+        $config->replaceArgument(2, $firewall['user_checker']);
+        $config->replaceArgument(3, $firewall['security']);
 
         // Security disabled?
         if (false === $firewall['security']) {
             return array($matcher, array(), null);
         }
 
-        $config->replaceArgument(3, $firewall['stateless']);
+        $config->replaceArgument(4, $firewall['stateless']);
 
         // Provider id (take the first registered provider if none defined)
         if (isset($firewall['provider'])) {
@@ -296,7 +297,7 @@ class SecurityExtension extends Extension
             $defaultProvider = reset($providerIds);
         }
 
-        $config->replaceArgument(4, $defaultProvider);
+        $config->replaceArgument(5, $defaultProvider);
 
         // Register listeners
         $listeners = array();
@@ -312,7 +313,7 @@ class SecurityExtension extends Extension
                 $contextKey = $firewall['context'];
             }
 
-            $config->replaceArgument(5, $contextKey);
+            $config->replaceArgument(6, $contextKey);
 
             $listeners[] = new Reference($this->createContextListener($container, $contextKey));
         }
@@ -382,7 +383,7 @@ class SecurityExtension extends Extension
         // Authentication listeners
         list($authListeners, $defaultEntryPoint) = $this->createAuthenticationListeners($container, $id, $firewall, $authenticationProviders, $defaultProvider, $configuredEntryPoint);
 
-        $config->replaceArgument(6, $configuredEntryPoint ?: $defaultEntryPoint);
+        $config->replaceArgument(7, $configuredEntryPoint ?: $defaultEntryPoint);
 
         $listeners = array_merge($listeners, $authListeners);
 
@@ -399,14 +400,13 @@ class SecurityExtension extends Extension
         $exceptionListener = new Reference($this->createExceptionListener($container, $firewall, $id, $configuredEntryPoint ?: $defaultEntryPoint, $firewall['stateless']));
 
         if (isset($firewall['access_denied_handler'])) {
-            $config->replaceArgument(7, $firewall['access_denied_handler']);
+            $config->replaceArgument(8, $firewall['access_denied_handler']);
         }
         if (isset($firewall['access_denied_url'])) {
-            $config->replaceArgument(8, $firewall['access_denied_url']);
+            $config->replaceArgument(9, $firewall['access_denied_url']);
         }
 
         $container->setAlias(new Alias('security.user_checker.'.$id, false), $firewall['user_checker']);
-        $config->replaceArgument(9, $firewall['user_checker']);
 
         foreach ($this->factories as $position) {
             foreach ($position as $factory) {
diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml b/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml
index 8eb3aec447..8def320482 100644
--- a/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml
+++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml
@@ -117,6 +117,7 @@
         <service id="security.firewall.config" class="Symfony\Bundle\SecurityBundle\Security\FirewallConfig" abstract="true" public="false">
             <argument />                   <!-- name -->
             <argument />                   <!-- request_matcher -->
+            <argument />                   <!-- user_checker -->
             <argument />                   <!-- security enabled -->
             <argument />                   <!-- stateless -->
             <argument />                   <!-- provider -->
@@ -124,7 +125,6 @@
             <argument />                   <!-- entry_point -->
             <argument />                   <!-- access_denied_handler -->
             <argument />                   <!-- access_denied_url -->
-            <argument />                   <!-- user_checker -->
             <argument type="collection" /> <!-- listeners -->
         </service>
 
diff --git a/src/Symfony/Bundle/SecurityBundle/Security/FirewallConfig.php b/src/Symfony/Bundle/SecurityBundle/Security/FirewallConfig.php
index dc48c459a2..a36ff95513 100644
--- a/src/Symfony/Bundle/SecurityBundle/Security/FirewallConfig.php
+++ b/src/Symfony/Bundle/SecurityBundle/Security/FirewallConfig.php
@@ -18,6 +18,7 @@ final class FirewallConfig
 {
     private $name;
     private $requestMatcher;
+    private $userChecker;
     private $securityEnabled;
     private $stateless;
     private $provider;
@@ -25,12 +26,12 @@ final class FirewallConfig
     private $entryPoint;
     private $accessDeniedHandler;
     private $accessDeniedUrl;
-    private $userChecker;
     private $listeners;
 
     /**
      * @param string      $name
      * @param string      $requestMatcher
+     * @param string      $userChecker
      * @param bool        $securityEnabled
      * @param bool        $stateless
      * @param string|null $provider
@@ -38,13 +39,13 @@ final class FirewallConfig
      * @param string|null $entryPoint
      * @param string|null $accessDeniedHandler
      * @param string|null $accessDeniedUrl
-     * @param string|null $userChecker
      * @param string[]    $listeners
      */
-    public function __construct($name, $requestMatcher, $securityEnabled = true, $stateless = false, $provider = null, $context = null, $entryPoint = null, $accessDeniedHandler = null, $accessDeniedUrl = null, $userChecker = null, $listeners = array())
+    public function __construct($name, $requestMatcher, $userChecker, $securityEnabled = true, $stateless = false, $provider = null, $context = null, $entryPoint = null, $accessDeniedHandler = null, $accessDeniedUrl = null, $listeners = array())
     {
         $this->name = $name;
         $this->requestMatcher = $requestMatcher;
+        $this->userChecker = $userChecker;
         $this->securityEnabled = $securityEnabled;
         $this->stateless = $stateless;
         $this->provider = $provider;
@@ -52,7 +53,6 @@ final class FirewallConfig
         $this->entryPoint = $entryPoint;
         $this->accessDeniedHandler = $accessDeniedHandler;
         $this->accessDeniedUrl = $accessDeniedUrl;
-        $this->userChecker = $userChecker;
         $this->listeners = $listeners;
     }
 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DataCollector/SecurityDataCollectorTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DataCollector/SecurityDataCollectorTest.php
index e5a6a4b760..2d912721ed 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DataCollector/SecurityDataCollectorTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DataCollector/SecurityDataCollectorTest.php
@@ -78,7 +78,7 @@ class SecurityDataCollectorTest extends \PHPUnit_Framework_TestCase
 
     public function testGetFirewall()
     {
-        $firewallConfig = new FirewallConfig('dummy', 'security.request_matcher.dummy');
+        $firewallConfig = new FirewallConfig('dummy', 'security.request_matcher.dummy', 'security.user_checker.dummy');
         $request = $this->getRequest();
 
         $firewallMap = $this
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
index 8f877de4cc..34e3ad5611 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
@@ -79,16 +79,17 @@ abstract class CompleteConfigurationTest extends \PHPUnit_Framework_TestCase
             array(
                 'simple',
                 'security.request_matcher.707b20193d4cb9f2718114abcbebb32af48f948484fc166a03482f49bf14f25e271f72c7',
+                'security.user_checker',
                 false,
             ),
             array(
                 'secure',
                 '',
+                'security.user_checker',
                 true,
                 true,
                 'security.user.provider.concrete.default',
                 'security.authentication.form_entry_point.secure',
-                'security.user_checker',
                 array(
                     'logout',
                     'switch_user',
@@ -104,12 +105,12 @@ abstract class CompleteConfigurationTest extends \PHPUnit_Framework_TestCase
             array(
                 'host',
                 'security.request_matcher.dda8b565689ad8509623ee68fb2c639cd81cd4cb339d60edbaf7d67d30e6aa09bd8c63c3',
+                'security.user_checker',
                 true,
                 false,
                 'security.user.provider.concrete.default',
                 'host',
                 'security.authentication.basic_entry_point.host',
-                'security.user_checker',
                 array(
                     'http_basic',
                     'anonymous',
@@ -118,12 +119,12 @@ abstract class CompleteConfigurationTest extends \PHPUnit_Framework_TestCase
             array(
                 'with_user_checker',
                 '',
+                'app.user_checker',
                 true,
                 false,
                 'security.user.provider.concrete.default',
                 'with_user_checker',
                 'security.authentication.basic_entry_point.with_user_checker',
-                'app.user_checker',
                 array(
                     'http_basic',
                     'anonymous',
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Security/FirewallConfigTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Security/FirewallConfigTest.php
index 8d9b0519b1..eb6eeeb8dd 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/Security/FirewallConfigTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Security/FirewallConfigTest.php
@@ -33,6 +33,7 @@ class FirewallConfigTest extends \PHPUnit_Framework_TestCase
         $config = new FirewallConfig(
             'foo_firewall',
             $options['request_matcher'],
+            $options['user_checker'],
             $options['security'],
             $options['stateless'],
             $options['provider'],
@@ -40,7 +41,6 @@ class FirewallConfigTest extends \PHPUnit_Framework_TestCase
             $options['entry_point'],
             $options['access_denied_handler'],
             $options['access_denied_url'],
-            $options['user_checker'],
             $listeners
         );
 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Security/FirewallContextTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Security/FirewallContextTest.php
index cce2a5b47f..098e2c51f8 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/Security/FirewallContextTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Security/FirewallContextTest.php
@@ -20,7 +20,7 @@ class FirewallContextTest extends \PHPUnit_Framework_TestCase
 {
     public function testGetters()
     {
-        $config = new FirewallConfig('main', 'request_matcher');
+        $config = new FirewallConfig('main', 'request_matcher', 'user_checker');
 
         $exceptionListener = $this
             ->getMockBuilder(ExceptionListener::class)