CakePHP: using Security::allowedControllers and Security::allowedActions
I'm trying to use Security::allowedControllers and Security::allowedActions. So I have a controller which look more or less like this
class AppController extends Controller {
var $components = array('Security'); //other components
//other stuff
}
class BookController extends AppController {
function beforeFilter() {
parent::beforeFilter();
$this->Security->allowedControllers = array('Users');
$this->Security->allowedActions = array('view');
$this->Security->RequireAuth = array('search', 'results');
}
//other stuff
}
The action 'search' displays a form, which then calls 'results' to show the results of the search. I am intentionally trying to be blackholed.
For what I understand of $this->Security->allowedControllers and $this->Security->allowedActions, I should be able to get POST data only from the action 'view' of the controller 'Users'. In particular the action 'results' should redirect me to a black hole, since it obtains POST data from the action 'search' of the controller 'Books'.
But this is not the case. I can even make cross controller requests, and never get blackholed, so I guess I'm not using correctly this variables. What is the right way to trigger cross-controller requests control?
Similar entries
- Good security practices in CakePHP
- Cakephp: Abstracting AppController another level, possible?
- [CakePHP] SSL 接続を必須にする SSL コンポーネント
- CakePHP 1.2 RC2 + Security Component
- Using the Security Component in CakePHP for SSL
- Protecting your forms with the Security Component
- MySecurity Component
- CakePHP 1.26: Bug in 'Security' component?
- A More Secure Way to Transfer Session State Between CakePHP Applications
- Security issue in CakePHP code documentation
Popular content
Today's:
All time:
