Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

SEC-1494: Document the use of system properties for disabling authorize tag functionality.

Luke Taylor 14 years ago
parent
66e2a5246d
commit
347a2a91a9
1 changed files with 18 additions and 0 deletions
Unified View Show Diff Stats
  1. 18 0
      docs/manual/src/docbook/taglibs.xml

+ 18 - 0
docs/manual/src/docbook/taglibs.xml
View File 

@@ -54,6 +54,24 @@ This content will only be visible to users who are authorized to send requests t
 
             stored in a page context scope variable by setting the <literal>var</literal> attribute
 
             stored in a page context scope variable by setting the <literal>var</literal> attribute
 
             to the variable name, avoiding the need for duplicating and re-evaluating the condition
 
             to the variable name, avoiding the need for duplicating and re-evaluating the condition
 
             at other points in the page.</para>
 
             at other points in the page.</para>
 
+        <section>
 
+            <title>Disabling Tag Authorization for Testing</title>
 
+            <para>Hiding a link in a page for unauthorized users doesn't prevent them from accessing
 
+                the URL. They could just type it into their browser directly, for example. As part
 
+                of your testing process, you may want to reveal the hidden areas in order to check
 
+                that links really are secured at the back end. If you set the system property
 
+                    <literal>spring.security.disableUISecurity</literal> to <literal>true</literal>,
 
+                the <literal>authorize</literal> tag will still run but will not hide its contents.
 
+                By default it will also surround the content with <literal>&lt;span
 
+                    class="securityHiddenUI">...&lt;/span></literal> tags. This allows you to
 
+                display <quote>hidden</quote> content with a particular CSS style such as a
 
+                different background colour. Try running the <quote>tutorial</quote> sample
 
+                application with this property enabled, for example.</para>
 
+            <para>You can also set the properties <literal>spring.security.securedUIPrefix</literal>
 
+                and <literal>spring.security.securedUISuffix</literal> if you want to change
 
+                surrounding text from the default <literal>span</literal> tags (or use empty strings
 
+                to remove it completely).</para>
 
+        </section>
 
     </section>
 
     </section>
 
     <section>
 
     <section>
 
         <title>The <literal>authentication</literal>Tag</title>
 
         <title>The <literal>authentication</literal>Tag</title>