I want to understand the sequence of steps how it is verified that a user has permission to particular application page ('Acl', 'Auth', 'Security' components are used). For example, a visitor clicks a link on another site that directs him to my application. What is the sequence of steps that my application does to verify that this user has access to the page? What controllers and methods are called?