We are soon planning to launch a wholesale website on the same odoo instance as our normal e-commerce website. This wholesale website should be restricted to be entirely login only access. 

Is it possible to have only one of the websites require user login to access any page?

My thoughts were: 

1. I can override controllers along the lines of:

 
if not request.session.uid:    
    return login_redirect()

However this will require overriding every single controller that provides a web page, resulting in tight coupling between modules which is not ideal. On top of that, I am not sure if I can override Web Page instances with controller overrides. 

2. I can put a t-if statement on the root web layout, only showing the login page if required. This has a security flaw since all the content will still be loaded in (you can find all the 'not-shown' code in the network inspector).

3. I can have a JS script check for the required login, and redirect if required. However, they could possibly circumvent this and still get all the page content just like in my 2nd idea.    

4. I can edit access rights, but this does not produce a redirect to login behavior. This simply prevents the user from seeing content.