diff --git a/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java
index a0d7de83f65..5ed12e79c2a 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java
@@ -42,7 +42,7 @@ protected String getBeanClassName(Element element) {
 	@Override
 	protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
 		String dataSource = element.getAttribute(ATT_DATA_SOURCE);
-		if (dataSource != null) {
+		if (StringUtils.hasText(dataSource)) {
 			builder.addPropertyReference("dataSource", dataSource);
 		}
 		else {
diff --git a/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java
index 41395cd8b41..3b8add34c60 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java
@@ -16,10 +16,12 @@
 
 package org.springframework.security.config.authentication;
 
+import org.assertj.core.api.Assertions;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Test;
 import org.w3c.dom.Element;
 
+import org.springframework.beans.factory.BeanDefinitionStoreException;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.CachingUserDetailsService;
 import org.springframework.security.authentication.ProviderManager;
@@ -160,6 +162,44 @@ public void rolePrefixIsUsedWhenSet() {
 		assertThat(AuthorityUtils.authorityListToSet(rod.getAuthorities())).contains("PREFIX_ROLE_SUPERVISOR");
 	}
 
+	@Test
+	public void testEmptyDataSourceRef() {
+		// @formatter:off
+		String xml = "<authentication-manager>"
+					+ "  <authentication-provider>"
+					+ "    <jdbc-user-service data-source-ref=''/>"
+					+ "  </authentication-provider>"
+					+ "</authentication-manager>";
+		// @formatter:on
+
+		try {
+			setContext(xml);
+			Assertions.fail("Expected exception due to empty data-source-ref");
+		}
+		catch (BeanDefinitionStoreException ex) {
+			assertThat(ex.getMessage()).contains("data-source-ref is required");
+		}
+	}
+
+	@Test
+	public void testMissingDataSourceRef() {
+		// @formatter:off
+		String xml = "<authentication-manager>"
+					+ "  <authentication-provider>"
+					+ "    <jdbc-user-service/>"
+					+ "  </authentication-provider>"
+					+ "</authentication-manager>";
+		// @formatter:on
+
+		try {
+			setContext(xml);
+			Assertions.fail("Expected exception due to missing data-source-ref");
+		}
+		catch (BeanDefinitionStoreException ex) {
+			assertThat(ex.getMessage()).contains("XML document from").contains("is invalid");
+		}
+	}
+
 	private void setContext(String context) {
 		this.appContext = new InMemoryXmlApplicationContext(context);
 	}