diff --git a/core/includes/bootstrap.inc b/core/includes/bootstrap.inc
index e1c15fe..6991056 100644
--- a/core/includes/bootstrap.inc
+++ b/core/includes/bootstrap.inc
@@ -293,7 +293,9 @@
  * @see http://php.net/manual/reserved.variables.server.php
  * @see http://php.net/manual/function.time.php
  */
-define('REQUEST_TIME', (int) $_SERVER['REQUEST_TIME']);
+if (!defined('REQUEST_TIME')) {
+  define('REQUEST_TIME', (int) $_SERVER['REQUEST_TIME']);
+}
 
 /**
  * Flag for drupal_set_title(); text is not sanitized, so run check_plain().
@@ -331,7 +333,9 @@
  *
  * This strips two levels of directories off the current directory.
  */
-define('DRUPAL_ROOT', dirname(dirname(__DIR__)));
+if (!defined('DRUPAL_ROOT')) {
+  define('DRUPAL_ROOT', dirname(dirname(__DIR__)));
+}
 
 /**
  * Starts the timer with the specified name.
diff --git a/core/modules/user/lib/Drupal/user/Access/RoleAccessCheck.php b/core/modules/user/lib/Drupal/user/Access/RoleAccessCheck.php
new file mode 100644
index 0000000..9180dd2
--- /dev/null
+++ b/core/modules/user/lib/Drupal/user/Access/RoleAccessCheck.php
@@ -0,0 +1,47 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\user\Access\RoleAccessCheck.
+ */
+
+namespace Drupal\user\Access;
+
+use Drupal\Core\Access\AccessCheckInterface;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Routing\Route;
+
+/**
+ * Determines access to routes based on roles defined via hook_permission().
+ */
+class RoleAccessCheck implements AccessCheckInterface {
+
+  /**
+   * Implements AccessCheckInterface::applies().
+   */
+  public function applies(Route $route) {
+    return array_key_exists('_role', $route->getRequirements());
+  }
+
+  /**
+   * Implements AccessCheckInterface::access().
+   */
+  public function access(Route $route, Request $request) {
+    // Requirements just allow strings, so this might be a comma separated list.
+    $rid_string = $route->getRequirement('_role');
+    $rids = array_map('trim', explode(',', $rid_string));
+    // @todo Replace the role check with a correctly injected and session-using
+    //   alternative.
+    $account = $GLOBALS['user'];
+    $roles = array_keys($account->roles);
+
+    $diff = array_diff(array_filter($rids), $roles);
+    if (empty($diff)) {
+      return TRUE;
+    }
+    else {
+      return NULL;
+    }
+  }
+
+}
diff --git a/core/modules/user/lib/Drupal/user/UserBundle.php b/core/modules/user/lib/Drupal/user/UserBundle.php
index f7c4a88..689a20c 100644
--- a/core/modules/user/lib/Drupal/user/UserBundle.php
+++ b/core/modules/user/lib/Drupal/user/UserBundle.php
@@ -24,6 +24,8 @@ public function build(ContainerBuilder $container) {
       ->addTag('access_check');
     $container->register('access_check.user.register', 'Drupal\user\Access\RegisterAccessCheck')
       ->addTag('access_check');
+    $container->register('access_check.user.role', 'Drupal\user\Access\RoleAccessCheck')
+      ->addTag('access_check');
     $container
       ->register('user.data', 'Drupal\user\UserData')
       ->addArgument(new Reference('database'));
diff --git a/core/tests/Drupal/Tests/Core/Route/RouterRoleTest.php b/core/tests/Drupal/Tests/Core/Route/RouterRoleTest.php
new file mode 100644
index 0000000..852dff1
--- /dev/null
+++ b/core/tests/Drupal/Tests/Core/Route/RouterRoleTest.php
@@ -0,0 +1,151 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\Tests\Core\Route\RouterRoleTest.
+ */
+
+namespace Drupal\Tests\Core\Route;
+
+use Drupal\Core\DependencyInjection\ContainerBuilder;
+use Drupal\Tests\UnitTestCase;
+use Drupal\user\Access\RoleAccessCheck;
+use Drupal\user\Plugin\Core\Entity\User;
+use Symfony\Component\DependencyInjection\Container;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\HttpKernelInterface;
+use Symfony\Component\Routing\Route;
+use Symfony\Component\Routing\RouteCollection;
+
+/**
+ * Defines tests for role based access in routes.
+ */
+class RouterRoleTest extends UnitTestCase {
+
+  /**
+   * Modules to enable.
+   *
+   * @var array
+   */
+  public static $modules = array('router_test');
+
+  public static function getInfo() {
+    return array(
+      'name' => 'Router Role tests',
+      'description' => 'Function Tests for the routing role system.',
+      'group' => 'Routing',
+    );
+  }
+
+  /**
+   * Generates the test route collection.
+   *
+   * @return \Symfony\Component\Routing\RouteCollection
+   *   Returns the test route collection.
+   */
+  protected function getTestRouteCollection() {
+    $route_collection = new RouteCollection();
+    $route_collection->add('role_test_1', new Route('/role_test_1',
+      array(
+        '_controller' => '\Drupal\router_test\TestControllers::test1'
+      ),
+      array(
+        '_role' => 'role_test_1',
+      )
+    ));
+    $route_collection->add('role_test_2', new Route('/role_test_2',
+      array(
+        '_controller' => '\Drupal\router_test\TestControllers::test1'
+      ),
+      array(
+        '_role' => 'role_test_2',
+      )
+    ));
+    $route_collection->add('role_test_3', new Route('/role_test_3',
+      array(
+        '_controller' => '\Drupal\router_test\TestControllers::test1'
+      ),
+      array(
+        '_role' => 'role_test_1, role_test_2',
+      )
+    ));
+
+    return $route_collection;
+  }
+
+  /**
+   * Tests role requirements on routes.
+   */
+  public function testRoleAccess() {
+    // Setup two different roles used in the test.
+    $rid_1 = 'role_test_1';
+    $rid_2 = 'role_test_2';
+
+    // Setup one user with the first role, one with the second, one with both
+    // and one final without any of these two roles.
+    $all_uids = array();
+    $accounts = array();
+
+    include DRUPAL_ROOT . '/core/includes/bootstrap.inc';
+
+    $account_1 = new User(array('uid' => 1), 'user');
+    $account_1->roles[$rid_1] = $rid_1;
+    $all_uids[] = $account_1->id();
+    $accounts[$account_1->id()] = $account_1;
+
+    $account_2 = new User(array('uid' => 2), 'user');
+    $account_2->roles[$rid_2] = $rid_2;
+    $all_uids[] = $account_2->id();
+    $accounts[$account_2->id()] = $account_2;
+
+    $account_12 = new User(array('uid' => 3), 'user');
+    $account_12->roles[$rid_1] = $rid_1;
+    $account_12->roles[$rid_2] = $rid_2;
+    $all_uids[] = $account_12->id();
+    $accounts[$account_12->id()] = $account_12;
+
+    $account_none = new User(array('uid' => 4), 'user');
+    $all_uids[] = $account_none->id();
+    $accounts[$account_none->id()] = $account_none;
+
+    // Setup expected values, so which path can be access by which user.
+    $expected = array();
+    $expected['role_test_1'] = array($account_1->id(), $account_12->id());
+    $expected['role_test_2'] = array($account_2->id(), $account_12->id());
+    $expected['role_test_3'] = array($account_12->id());
+
+    // @todo Decide whether it's worth to manipulate global $user; and directly
+    // check the access or call the actual pages.
+
+    $role_access_check = new RoleAccessCheck();
+
+    $collection = $this->getTestRouteCollection();
+
+    foreach ($expected as $path => $uids) {
+      // Login for each user and check the access to the path.
+      foreach ($uids as $uid) {
+        $account = $accounts[$uid];
+        $GLOBALS['user'] = $account;
+
+        $subrequest = Request::create($path, 'GET');
+        $this->assertTrue($role_access_check->access($collection->get($path), $subrequest), sprintf('Access granted for user with the roles %s on path: %s',
+          implode(', ', $account->roles),
+          $path
+        ));
+      }
+
+      // Check all users which don't have access.
+      foreach (array_diff($all_uids, $uids) as $uid) {
+        $account = $accounts[$uid];
+        $GLOBALS['user'] = $account;
+
+        $subrequest = Request::create($path, 'GET');
+        $this->assertEmpty($role_access_check->access($collection->get($path), $subrequest), sprintf('Access denied for user with the roles %s on path: %s',
+          implode(', ', $account->roles),
+          $path
+        ));
+      }
+    }
+  }
+
+}