Mike Wiesner (Migrated from SEC-1494) said:
The ability to prevent hiding of UI elements (for example, those which have been omitted by the tag library) will be very useful for testing whether the URLs are actually secured at the back end.
Luke Taylor said:
It is now possible to force the parts of the UI to be shown which would normally be hidden by the authorize tag. If the system property spring.security.disableUISecurity is set to "true", the contents will still be rendered, but decorated with a surrounding tag to allow the "hidden" areas to be differentiated using CSS.