
CakePHP Login Infinite Redirect

I have looked at quite a few similar issues on SO but none have answered my question or been able to help me resolve this... Basically, when I comment out the $this->auth->allow line in the NewsController (because I only want authenticated people to access all the actions apart from login/register), it causes a login infinite loop. When I allow all users to access the index action in the NewsController, it works fine. Any ideas why this would be looping on login?

AppController

<?php
App::uses('Controller', 'Controller');

class AppController extends Controller {
    public $components = array(
        'Session',
        'Auth' => array(
            'loginAction' => array('controller' => 'users', 'action' => 'login'),
            'loginRedirect' => array('controller' => 'news', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
            'authorize' => array('Controller')
        )
    );
}

UsersController

<?php
class UsersController extends AppController {

    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow('register');
    }

    public function login() {
        $this->layout = 'eprime_empty';
        if ($this->request->is('post')) {
            if ($this->Auth->login()) {
                $this->redirect($this->Auth->redirect());
            } else {
                $this->Session->setFlash('Invalid username or password, try again', 'default', array('class' => 'warning'));
            }
        }
    }

    public function logout() {
        $this->redirect($this->Auth->logout());
    }
}

NewsController

<?php
class NewsController extends AppController {

    public $helpers = array('Html', 'Form', 'Session');

    public function beforeFilter() {
        parent::beforeFilter();
    //    $this->Auth->allow('index', 'view');
    }

    public function index() {
        $this->set('news', $this->News->find('all'));
    }
}

If you want only authenticated people to get access to all actions apart from login and logout, then there is no need to define the key-value pair

'authorize' => array('Controller')

in AppController. Because if you specify this key, you have to specify the function isAuthorized(), which will return either true or false (based on the condition you specify for allowing users/user groups to access that action).

    public function isAuthorized() {
        return true; // or false
    }

and no need to redefine

public $helpers = array('Html', 'Form', 'Session');
public $components = array('Session');

as you already defined in AppController.

There is another issue that may happen when you use request actions in Elements, so you have to allow the request actions in their main controllers, as below:

 --------[app\View\view.ctp]------------
 $this->Element('comments');

 --------[app\View\Elements\comments.ctp]----------
 $comments = $this->requestAction('comments/grab');

 --------[app\Controller\CommentsController]-----------
 function beforeFilter() {
     parent::beforeFilter();
     $this->Auth->allow('grab');
 }
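
The two answers above combined into one hardened sketch, as an added example that is not part of the original posts or of CakePHP itself: `isAuthorized()` is implemented so `'authorize' => array('Controller')` has something to call, and the publicly allowed `grab` action refuses direct browser requests. It assumes CakePHP 2.x and a hypothetical `Comment` model; in a real app each class lives in its own file under app/Controller.

```php
<?php
// Added example, assuming CakePHP 2.x. Not code from the original posts.
App::uses('Controller', 'Controller');

class AppController extends Controller {
    public $components = array(
        'Session',
        'Auth' => array(
            'loginAction' => array('controller' => 'users', 'action' => 'login'),
            'loginRedirect' => array('controller' => 'news', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
            // ControllerAuthorize calls isAuthorized() on the current controller.
            'authorize' => array('Controller')
        )
    );

    // Runs only for authenticated users on actions not opened with allow().
    // Any logged-in user may proceed; override in a controller to restrict.
    public function isAuthorized($user) {
        return true;
    }
}

class CommentsController extends AppController {
    public function beforeFilter() {
        parent::beforeFilter();
        // Needed so the element's requestAction() works for anonymous visitors.
        $this->Auth->allow('grab');
    }

    public function grab() {
        // allow() also opens /comments/grab to direct requests.
        // params['requested'] is set only when the call came via requestAction().
        if (empty($this->request->params['requested'])) {
            throw new ForbiddenException();
        }
        // Hypothetical Comment model, assumed to exist for this example.
        return $this->Comment->find('all');
    }
}
```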

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.