Private blog?

I want a blog that requires all visitors to be authenticated users.
Didn’t see the point of doing apache based http auth, when I could
just re-use typos own login system.

Has anyone got this working?

My first guess (on 4.1.0) was to set:

before_filter :login_required, :except => [ :login ]

in ApplicationController, which sort of works. When I hit the
I’m asked to login, but RSS, atom and CSS urls ask for a login and then
redirect me into the admin controller.

Wondered if anyone ever tried this and whether there’s something
easier I’m missing.