How to use 2 behaviors (authenticator, access)?

Hello, i’m trying to use those 2 behaviors in the controller, which extends ActiveController

But authenticator behavior works every time, ignoring access behavior

There is my code




public function behaviors() {

        $behaviors = parent::behaviors();


        $behaviors['authenticator'] = [

            'class' => TokenAuth::className()

        ];


        $behaviors['access'] = array(

            'class' => \yii\filters\AccessControl::className(),

            'only' => ['login', 'registration', 'logout'],

            'rules' => array(

                [

                    'allow' => true,

                    'actions' => ['login', 'registration'],

                    'roles' => ['?'],

                    'verbs' => ['post']

                ],

                [

                    'allow' => true,

                    'actions' => ['logout'],

                    'roles' => ['@'],

                ],

            )

        );


        return $behaviors;

    }



For an example: Access to all methods should be disabled. Authenticated users should have access to method "logout". Unauthenticated users should have access to "login" and "registration" methods.


TokenAuth::className()

is almost identical to


QueryParamAuth::className()

. I just do some additional checks.

What’s wrong?