0
votes

I'm trying to deny all pages to unauthenticated users, as explained in the documentation (http://book.cakephp.org/3.0/en/controllers/components/authentication.html#making-actions-require-authorization), so I put this in my AppController.php:

public function initialize()
{
    parent::initialize();
    $this->loadComponent('Auth', [
        'loginAction' => [
            'controller' => 'AuthController',
            'action' => 'login'
        ],
        'authenticate' => [
            'OAuth2Client.OAuth2'
        ]
    ]);
}

public function beforeFilter(Event $event)
{
    parent::beforeFilter($event);
    $this->Auth->deny();
}

And nothing happens. Unauthorized users can still see all pages without being redirected. I also tried 'authorized' => 'controller' for the Auth component and nothing changes. The Authenticate class handles login fine, but I cannot manage to deny all pages.

1 Answer

0
votes

I fixed the issue by adding the correct methods to my custom Authentication provider. The missing method was getUser. It's not mentioned in the documentation, nor is it enforced by the interface, so you should define this method in order to make authorization work. Also, you should set up authorize with Controller as follows:

$this->loadComponent('Auth', [
    'authorize' => ['Controller']
]);
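
The arrangement this answer describes, as an added example that is not the poster's code or the OAuth2Client plugin's: a custom provider that overrides getUser(), plus the isAuthorized() callback that 'authorize' => ['Controller'] expects on the controller. It assumes CakePHP 3.0-3.3 (Cake\Network\Request; 3.4+ uses Cake\Http\ServerRequest and getHeaderLine()); the TokenAuthenticate class, the Bearer header scheme and the token_hash column are hypothetical.

```php
<?php
// Added example. Class name, header scheme and token_hash column are assumptions.
// --- src/Auth/TokenAuthenticate.php (hypothetical provider) ---
namespace App\Auth;

use Cake\Auth\BaseAuthenticate;
use Cake\Network\Request;
use Cake\Network\Response;

class TokenAuthenticate extends BaseAuthenticate
{
    // Used for an explicit login through $this->Auth->identify().
    public function authenticate(Request $request, Response $response)
    {
        return $this->getUser($request);
    }

    // AuthComponent calls this when no user is in its storage yet.
    // The BaseAuthenticate default returns false, so it must be overridden.
    public function getUser(Request $request)
    {
        $header = (string)$request->header('Authorization');
        if (!preg_match('/^Bearer ([A-Za-z0-9._~+\/-]+=*)\z/', $header, $m)) {
            return false;
        }
        // Look up by SHA-256 digest so raw tokens are never stored in the table.
        return $this->_findUser(hash('sha256', $m[1]));
    }
}

// --- src/Controller/AppController.php ---
namespace App\Controller;

use Cake\Controller\Controller;

class AppController extends Controller
{
    public function initialize()
    {
        parent::initialize();
        $this->loadComponent('Auth', [
            // _findUser() queries the column configured as fields.username.
            'authenticate' => ['Token' => ['fields' => ['username' => 'token_hash']]],
            'authorize' => ['Controller'],
        ]);
    }

    // Required by 'authorize' => ['Controller']; deny when no user was identified.
    public function isAuthorized($user = null)
    {
        return !empty($user);
    }
}
```

Controllers that need finer rules can override isAuthorized() and fall back to parent::isAuthorized($user).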