diff --git a/web/src/main/java/org/springframework/security/web/access/AuthorizationManagerWebInvocationPrivilegeEvaluator.java b/web/src/main/java/org/springframework/security/web/access/AuthorizationManagerWebInvocationPrivilegeEvaluator.java
index 20776d8614..d1da376ce4 100644
--- a/web/src/main/java/org/springframework/security/web/access/AuthorizationManagerWebInvocationPrivilegeEvaluator.java
+++ b/web/src/main/java/org/springframework/security/web/access/AuthorizationManagerWebInvocationPrivilegeEvaluator.java
@@ -51,7 +51,7 @@ public final class AuthorizationManagerWebInvocationPrivilegeEvaluator implement
 		FilterInvocation filterInvocation = new FilterInvocation(contextPath, uri, method);
 		AuthorizationDecision decision = this.authorizationManager.check(() -> authentication,
 				filterInvocation.getHttpRequest());
-		return decision != null && decision.isGranted();
+		return decision == null || decision.isGranted();
 	}
 
 }
diff --git a/web/src/test/java/org/springframework/security/web/access/AuthorizationManagerWebInvocationPrivilegeEvaluatorTests.java b/web/src/test/java/org/springframework/security/web/access/AuthorizationManagerWebInvocationPrivilegeEvaluatorTests.java
index 2253e93fae..76be770777 100644
--- a/web/src/test/java/org/springframework/security/web/access/AuthorizationManagerWebInvocationPrivilegeEvaluatorTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/AuthorizationManagerWebInvocationPrivilegeEvaluatorTests.java
@@ -65,4 +65,11 @@ class AuthorizationManagerWebInvocationPrivilegeEvaluatorTests {
 		assertThat(allowed).isFalse();
 	}
 
+	@Test
+	void isAllowedWhenAuthorizationManagerAbstainsThenAllowedTrue() {
+		given(this.authorizationManager.check(any(), any())).willReturn(null);
+		boolean allowed = this.privilegeEvaluator.isAllowed("/test", TestAuthentication.authenticatedUser());
+		assertThat(allowed).isTrue();
+	}
+
 }