diff --git a/core/lib/Drupal/Core/Access/PermissionAccessCheck.php b/core/lib/Drupal/Core/Access/PermissionAccessCheck.php
index e36ebcb..9502f8c 100644
--- a/core/lib/Drupal/Core/Access/PermissionAccessCheck.php
+++ b/core/lib/Drupal/Core/Access/PermissionAccessCheck.php
@@ -26,7 +26,7 @@ public function applies(Route $route) {
    * Implements Drupal\Core\Access\AccessCheckInterface::access().
    */
   public function access(Route $route, Request $request) {
-    $permission = $route->getDefault('_permission');
+    $permission = $route->getRequirement('_permission');
     // @todo Replace user_access() with a correctly injected and session-using
     //   alternative.
     // If user_access() fails, return NULL to give other checks a chance.
diff --git a/core/modules/rest/lib/Drupal/rest/EventSubscriber/RouteSubscriber.php b/core/modules/rest/lib/Drupal/rest/EventSubscriber/RouteSubscriber.php
index f76d535..83fdd63 100644
--- a/core/modules/rest/lib/Drupal/rest/EventSubscriber/RouteSubscriber.php
+++ b/core/modules/rest/lib/Drupal/rest/EventSubscriber/RouteSubscriber.php
@@ -62,6 +62,7 @@ public function dynamicRoutes(RouteBuildEvent $event) {
 
         // @todo Switch to ->addCollection() once http://drupal.org/node/1819018 is resolved.
         foreach ($plugin->routes() as $name => $route) {
+          $route->setRequirement('_access', 'TRUE');
           $collection->add("rest.$name", $route);
         }
       }