Authentication 2.0 Plugins

In Auth component we use

Public function beforeFilter(Envent $event){


To deny access to specific action in a controller.

How do i achieve this same operation using Authentication 2.0 plugin?

By default the new authentication plugins deny access to all actions if you are not logged in. See here

So you would have to specifically allow actions to be accessed as not logged in users (which we recommend to not unintentionally publish stuff you don’t want to)

public function beforeFilter(\Cake\Event\EventInterface $event)
    $this->Authentication->allowUnauthenticated(['login', 'index', 'view']);

But if you want to invert that behavior so that everything is allowed as not logged in users besides specific actions you need to set this config

Also please watch my workshop talking about the new auth plugins.

I have watched your video many times but you did not mention this type of case study.

I have about 25 methods in a controller, I want to allow all methods except only one (1) of then. How do i get it done?

In AuthComponent we have $this->Auth->deny([‘register’]); What can we use in place of this deny action in Authentication plugin.


With the help of the others in the core team I got something for you

    public function beforeFilter(EventInterface $event)
        $action = $this->getRequest()->getParam('action');
        if ($action !== 'register') {

Very helpful, thanks