The middleware side of things is barely documented at the moment though if you know node.js and ExpressJS it is actually pretty straight-forward to implement something.
Something useful takes a little more 
You might be able to cobble it together but you will most likely be better off writing the middleware function yourself. uibuilder specifically allows for this.
The middleware function is contained in a file (you get a dummy example as a template). That function is executed every time a resource is loaded from the URL defined in your uibuilder node. To see what it is doing, simply uncomment the code in the example file (look in the ~/.node-red/uibuilder/.config/ folder for uibMiddleware.js).
After uncommenting the code, restart Node-RED then check the Node-RED log after you (re)load a uibuilder page. You will see debug output appear several times (once for each resource being loaded by the page and once for the page itself).
From there you could add a check to see if a JWT header was present and if not, redirect to a different page (which uibuilder can also serve up). Use a JWT helper node to facilitate a login process and make sure that the authorisation header is added to each resource load.
So as you can see, even securing a page isn't that simple - a knowledge of node.js and ExpressJS is needed as is some knowledge of how to secure ExpressJS.
For simple uses on secure networks, the above may be enough but in most cases you will also need to secure the websocket connection which requires its own middleware (sioMiddleware.js) - and that only works in the initial connection, you need to then also add checks to your flow to make sure that ongoing communication remains secure - that is a "feature" of websockets, not a uibuilder limitation.
I will be creating examples for this and will doubtless end up improving the whole process but I couldn't do any of that until v2 was out the door.
Also remember that you must secure your connections with TLS. That is absolutely mandatory for any authentication and authorisation process. You can add TLS to Node-RED (see the docs) but honestly, it is generally much better to do it via a "reverse proxy" using NGINX or HAproxy (other web servers could also be used). Again, make sure that you proxy the websocket connections as well as the HTTP connections.
