The security section of the docs should give you pointers for using the core http-in/out nodes with authentication.
I'm currently (well, intermittently if truth be told) working on a security framework for uibuilder that will let you do authentication, authorisation and validation with the added bonus that the websocket connections should also be properly secured which isn't so easy. In fact, the first security release will focus purely on websocket based security and you will use ws messages to log in and for the system to continue to validate and timeout your sessions. That is on the assumption that uibuilder is primarily used for building single-page apps with data being exchanged via ws and only the UI itself given via http(s). So the UI shouldn't be secured, the data should. You can give the
security branch of uibuilder a try if you like though it certainly isn't all working as yet.