accessControl filter and accessRules - no effect

I wanted the simple filtering for access control, so per the docs I added this code as an initial test to one of my controllers:

But all users are still able to access everything.  Am I missing something?

The '*' character is only used by 'users'. If you want the rule to be applied to all actions, you don't need to specify the 'actions' option.

How can I customize what happens when a user does not have access to the requested action?

I don't want them to return to the loginUrl or get a 401 error.

I just added CAccessControlFilter::accessDenied() method. You may override this method to customize the  behavior you want when access is denied.

Wow, that’s cool  ;D

Thanks qiang