cakePHP - how does the AuthComponent authenticate?

I'm trying to wrap my head round how the auth comp开发者_C百科onent authenticates.

Currently my AppController looks something like this.

class AppController extends Controller 
{
    var $components = array('Auth', 'Session');

    function beforeFilter() 
    {
        $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
        $this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'index');
        $this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login');
    }
}

If I was to leave my login action completely empty, the auth component will still try to authenticate when the user reaches the login page.

Is this how it should be? Couldn't this be a problem if it's always trying to authenticate?

If the requested action is the action configured in AuthComponent::loginAction (UserController::login by default) and $this->data contains the fields configured in AuthComponent::userModel/AuthComponent::fields (User.username and User.password by default), the AuthComponent will try to authenticate the current user. It'll automatically try this after Controller::beforeFilter was executed but before the requested action is called. If the login was successful (and any additional restrictions you may have applied in the AuthComponent configuration have cleared), it'll redirect to where the user came from, otherwise it'll execute the requested action as usual.

So no, this won't pose a problem, since it'll only attempt authentication under these particular circumstances.