[FLOW3-general] REST Controller and security policies

[François Suter]

Hi all,

I'm creating a REST controller for an EmberJS-driven interface. The data 
being exchanged between client and server is not meant to be public, so 
I tried defining a security policy for this controller and granting it 
only to authenticated users, but I can still access without being logged 
in (and I did clear the cache, to be sure).

Have I done something wrong or is it normal that a REST controller be 
not covered by the security framework?

Cheers

-- 

Francois Suter
Cobweb Development Sarl - http://www.cobweb.ch