diff --git a/core/modules/rest/config/rest.settings.yml b/core/modules/rest/config/rest.settings.yml
index 91c9a7b..bac0ce1 100644
--- a/core/modules/rest/config/rest.settings.yml
+++ b/core/modules/rest/config/rest.settings.yml
@@ -1,26 +1,23 @@
 # Enable all methods on nodes.
 resources:
   entity:node:
-    GET: { }
-    POST: { }
-    PATCH: { }
-    DELETE: { }
-
-# To enable only specific formats for an operation, list the supported_formats.
-# For example, the following config makes JSON the only format available for
-# node GET requests.
-#   resources:
-#     entity:node:
-#       GET:
-#         supported_formats:
-#           - json
-#
-# To enable only specific authentication methods for an operation, list them
-# at supported_auth.
-# For example, the following config only allows Basic HTTP authenticated
-# requests for the POST method on the node entity.
-#   resources:
-#     entity:node:
-#       POST:
-#         supported_auth:
-#           - http_basic
+    GET:
+      supported_formats:
+        - hal_json
+      supported_auth:
+        - http_basic
+    POST:
+      supported_formats:
+        - hal_json
+      supported_auth:
+        - http_basic
+    PATCH:
+      supported_formats:
+        - hal_json
+      supported_auth:
+        - http_basic
+    DELETE:
+      supported_formats:
+        - hal_json
+      supported_auth:
+        - http_basic
diff --git a/core/modules/rest/lib/Drupal/rest/EventSubscriber/RouteSubscriber.php b/core/modules/rest/lib/Drupal/rest/EventSubscriber/RouteSubscriber.php
index 325f472..0336e8f 100644
--- a/core/modules/rest/lib/Drupal/rest/EventSubscriber/RouteSubscriber.php
+++ b/core/modules/rest/lib/Drupal/rest/EventSubscriber/RouteSubscriber.php
@@ -66,23 +66,23 @@ public function dynamicRoutes(RouteBuildEvent $event) {
         if ($method && isset($enabled_methods[$method])) {
           $route->setRequirement('_access_rest_csrf',  'TRUE');
 
-          // If the array of configured format restrictions is empty for a
-          // method always add the route.
-          if (empty($enabled_methods[$method])) {
-            $collection->add("rest.$name", $route);
+          // Check that authentication providers are defined.
+          if (empty($enabled_methods[$method]['supported_auth']) || !is_array($enabled_methods[$method]['supported_auth'])) {
+            watchdog('rest', 'At least one authentication provider must be defined for resource @id', array(':id' => $id), WATCHDOG_ERROR);
             continue;
           }
-          // Check if there are authentication provider restrictions in the
-          // configuration and apply them to the route.
-          if (!empty($enabled_methods[$method]['supported_auth']) && is_array($enabled_methods[$method]['supported_auth'])) {
-            $route->setOption('_auth', $enabled_methods[$method]['supported_auth']);
-          }
-          // If there is no format requirement or if it matches the
-          // configuration also add the route.
+
+          // If the route has a format requirement, then verify that the
+          // resource has it.
           $format_requirement = $route->getRequirement('_format');
-          if (!$format_requirement || empty($enabled_methods[$method]['supported_formats']) || in_array($format_requirement, $enabled_methods[$method]['supported_formats'])) {
-            $collection->add("rest.$name", $route);
+          if ($format_requirement && empty($enabled_methods[$method]['supported_formats'])) {
+            watchdog('rest', 'At least one format must be defined for resource @id', array(':id' => $id), WATCHDOG_ERROR);
+            continue;
           }
+
+          // Add the resource.
+          $route->setOption('_auth', $enabled_methods[$method]['supported_auth']);
+          $collection->add("rest.$name", $route);
         }
       }
     }
diff --git a/core/modules/rest/lib/Drupal/rest/Tests/RESTTestBase.php b/core/modules/rest/lib/Drupal/rest/Tests/RESTTestBase.php
index d6fc9f9..1cc078e 100644
--- a/core/modules/rest/lib/Drupal/rest/Tests/RESTTestBase.php
+++ b/core/modules/rest/lib/Drupal/rest/Tests/RESTTestBase.php
@@ -33,6 +33,7 @@ protected function setUp() {
     parent::setUp();
     $this->defaultFormat = 'hal_json';
     $this->defaultMimeType = 'application/hal+json';
+    $this->defaultAuth = array('cookie');
     // Create a test content type for node testing.
     $this->drupalCreateContentType(array('name' => 'resttest', 'type' => 'resttest'));
   }
@@ -198,19 +199,20 @@ protected function entityValues($entity_type) {
    * @param array $auth
    *   (Optional) The list of valid authentication methods.
    */
-  protected function enableService($resource_type, $method = 'GET', $format = NULL, $auth = array()) {
+  protected function enableService($resource_type, $method = 'GET', $format = NULL, $auth = NULL) {
     // Enable REST API for this entity type.
     $config = \Drupal::config('rest.settings');
     $settings = array();
+
     if ($resource_type) {
-      if ($format) {
-        $settings[$resource_type][$method]['supported_formats'][] = $format;
+      if ($format == NULL) {
+        $format = $this->defaultFormat;
       }
-      else {
-        $settings[$resource_type][$method] = array();
+      $settings[$resource_type][$method]['supported_formats'][] = $format;
+
+      if ($auth == NULL) {
+        $auth = $this->defaultAuth;
       }
-    }
-    if (is_array($auth) && !empty($auth)) {
       $settings[$resource_type][$method]['supported_auth'] = $auth;
     }