There is a lot of scenarios which are impossible to accomplish without EL support in login-required attribute. Example: some pages should be freely accessed by recognized users (users who have e.g. you cookie set in it), but require login or registration from unrecognized users. Conditional check against e.g. session-scoped bean in login-required would be clean an elegant way to achieve this. Ok, you can add several intermediate views and redirect amongst them to achieve this, but it looks ridiculous comparing to clean EL approach.