I assume you are trying to do user authentication if user is not authorized and if not you want user to be presented with a login screen for authorization. There can be different ways to do this ranging from simple to not-so-simple depending on exactly what and how you want to do it. Probably the simplest approach can be to make use of transient property of user-profile in a switch droplet and redirect to the login page using the Redirect droplet as required for an anonymous user. The example here will gives an idea of this approach:
In case you have customized the userProfile definition by adding your own security-status and customized the request pipeline to set the security-status based on your application logic then you can use it in place of Profile.transient.
Another approach is to add your own AuthenticationServlet in the request handling pipeline based on the BasicAuthenticationPipelineServlet class similar to what has been used for dyn/admin. Refer this documentation
There is one more way where you can add your own servlet-filter for your application which can extend atg.servlet.DispatchFilter class so that you can specify parameters like login or redirect page, pages to check etc. through <init-param> section of your filter entry in web.xml and access them in your filter class with their respective getter/setter. Apply the necessary checks and logic inside the overridden doFilterRequest() of your filetr-class and you are all set.