1 class ApplicationController < ActionController::Base
2   authenticate :signin => {:controller => "authentication", :action => "signin"},
3                :model => :user
4 end

 1 class AuthenticationController < ApplicationController
 2   no_authentication_for :signin, :signout
 3   
 4   def signin
 5     if request.post?
 6       user_class = ApplicationController.authentication_options[:model].to_class
 7       user = user_class.authenticate(params[:user][:user_name], user_class.hash_password(params[:user][:password]))
 8       if user
 9         session[ApplicationController.authentication_options[:model]] = user
10         if session[:intended_uri]
11           redirect_to(session[:intended_uri] || {:action => "index"})
12           session[:intended_uri] = nil
13         else
14           redirect_to :controller => "guestbook"
15         end
16       else
17         flash[:notice] = "We could not log you in."
18       end
19     end
20   end
21 
22   def signout
23     session[ApplicationController.authentication_options[:model]] = nil
24     redirect_to authentication_options[:signin]
25   end
26 end

1 require 'digest/sha1'
2 class Use < ActiveRecord::Base
3   acts_as_authenticated :signin_id => :user_name, :password => :password
4 end

 1 class AdminController < ApplicationController
 2   authorize "admin:rw"
 3   authorize "admin:x", :only => :special_action
 4   
 5   def index
 6     ...
 7   end
 8 
 9   def create
10     ...
11   end
12   
13   def destroy
14     ...
15   end
16 
17   def special_action
18     ...
19   end
20 end