SecurityComponent::requireSecure() was actually the first iteration of what this component became.

requireSecure() was not exactly what we needed – that particular method will blackhole your request if it is not coming over HTTPS. While it would be possible to then write a blackhole method that simply redirects you to the HTTPS version of the current URL, that’s a slight abuse of the error control flow graph; blackhole’ing a request is what I would consider an ‘error’ path in the control flow. Blackhole methods should be endpoints, and I wanted to keep it that way.

Additionally, if you use the requireSecure() + blackhole redirect technique, then all of your subsequent requests will be over HTTPS as well – CakePHP link urls generated with the HtmlHelper are all relative (as opposed to absolute), and will simply inherit the protocol used in the previous request. While this may not be a problem for many people, I needed to avoid the encryption overhead on all non-essential requests.

Finally, having all of the related logic in a component also makes things very easy to debug or disable, instead of having to chase around your AppController & SecurityComponent configurations.

So, to solve these two issues and address the third, the SSL component was born. It’s not the most clever piece of code I’ve ever written, but it solved a few problems in a concise and very project-reusable manner.