If you're already using Devise and want to 'secure' the web UI for admin access only, add the following to your routes.rb file:
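    # Match the route only for a signed-in user whose admin? predicate is true.
    resque_constraint = lambda do |request|
      request.env['warden'].authenticate? && request.env['warden'].user.admin?
    end

    # Requests that fail the constraint never reach Resque::Server.
    constraints resque_constraint do
      mount Resque::Server, :at => "/admin/resque"
    end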
You will only need to define an admin? predicate method in your User model for the above to work. Users who aren't admins, or who have not authenticated themselves, will be accessing a route that does not exist, so ensure your app has very good 404 handling.
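The same check can be written as a constraint object that fails closed. This is an added example, not code from the original page: ResqueAdminConstraint, resque_route_visible? and the Fake* structs are hypothetical names, and the structs are constructed stand-ins for Warden, a User and a request so the three outcomes can be checked without booting Rails.

```ruby
# Added example: constraint object equivalent to the lambda above.
# Rails calls matches?(request) on any object passed to `constraints`.
class ResqueAdminConstraint
  def matches?(request)
    warden = request.env['warden']
    return false if warden.nil?               # Warden middleware missing: deny
    return false unless warden.authenticate?  # not signed in: deny
    user = warden.user
    # Deny if the model has no admin? predicate instead of raising NoMethodError.
    !!(user.respond_to?(:admin?) && user.admin?)
  end
end

# In routes.rb this would be used as:
#   constraints ResqueAdminConstraint.new do
#     mount Resque::Server, :at => "/admin/resque"
#   end

# --- Constructed stand-ins (assumptions, for offline checking only) ---
FakeUser = Struct.new(:admin) do
  def admin?
    admin
  end
end

FakeWarden = Struct.new(:user) do
  def authenticate?
    !user.nil?
  end
end

FakeRequest = Struct.new(:env)

# Returns true when the router would expose /admin/resque for this session.
def resque_route_visible?(warden)
  ResqueAdminConstraint.new.matches?(FakeRequest.new({ 'warden' => warden }))
end

if __FILE__ == $PROGRAM_NAME
  puts resque_route_visible?(FakeWarden.new(FakeUser.new(true)))   # admin
  puts resque_route_visible?(FakeWarden.new(FakeUser.new(false)))  # signed in, not admin
  puts resque_route_visible?(FakeWarden.new(nil))                  # anonymous
end
```

When matches? returns false the router skips the mount, so the request falls through to the application's 404 handling.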
Using CanCan? See this blog post for details