When configuring a constraint like "hasIpAddress('X.X.X.X')", Spring-Security usees the class org.springframework.security.web.util.IpAddressMatcher to compare the given IP with the IP from the request.
Unfortunatly, IpAddressMatcher throws an IllegalArgumentException, when the given IP and the IP from the request are of different type. This happens for example, when the request uses an IPv6-Address, but the Address used in "hasIpAddress()" was an IPv4-Address. The unexpected outcome of this behavior is, that any IPv6-request matching the resource will only see an error-page!
I suggest, that IpAddressMatcher responds with "false", if the given Address and the Address in the Request are of different type. That would solve this issue and is also the behavior I would expect: two IP-Addresses of different type are simply always not equal!