A brief overviewEdit
A little back ground is necessary to understand how to put a security system together. First there is the User class. It represents a visitor on a website Click here is for the User overview. You have SecurityUser classes that extend the User class. You can use this class to set and test the credentials of a visitor. In the Action class there is getCredential() method that is used by a SecurityFilter to compare the required credentials of an action to the credentials of a vistior.
Credentials can take on any form necessary to fit the needs of a particular website. It could be as simple as having only defined VISITOR and ADMIN creditials or a full blown CMS with users, roles and groups. A credential can be any legal php data type. This means it could be a STRING, an INTEGER, an ARRAY or an OBJECT. Figuring out the specifics of your credential is part of the planning you need to do for the specific site. I will show you both extremes.
The first step in using the security system is to authenticate the visitor. This is usally done through a login form that looks in a database to find a visitor to see if they have registered and have permission to be authenticated in the system. The next step is to set the credentials for the visitor. This can also be loaded from a database. This has your visitor ready to use the website to the fullest potential.
Each action, should be set with the allowed credentials for that action. You can also set up an action to not need any checking for credentials using the isSecure() method.