can be configured to force authentication on every path in the application.
Create a login firewall with anonymous access whose patterns
match your login form paths. It must be first on the list of firewalls.
Then, set your security area to disallow anonymous.
Once you configure the firewall this way, all visitors will be forced to
the login form.