create filter in class Controller (file protected/components/Controller.php)
public function filters()
{
return array( 'accessControl', // perform access control for CRUD operations
);
}
Then, in accesRules in Controller, allow all users to perform SiteController controller and it’s login action, allow all authorized users to perform all controllers, and then deny all controllers from all users.