Hi there Gerry,
Sorry for the slow reply. There are a few options. You can try using a Java EE security framework like Picketlink, or you can use a URL-rewriting framework like Rewrite Filter, or even Rewrite with security integration from Apache Shiro. We hope to ship a security plugin with Forge in the near future, that will handle setting up PicketLink or other security frameworks for your application.