Try it for Forcing Login for All Pages in Yii:

http://www.larryullman.com/2010/07/20/forcing-login-for-all-pages-in-yii/

And for forceful login in the index page you can customize

public function handleBeginRequest($event)
{
    if (Yii::app()->user->isGuest && !in_array($_GET['r'],array('site/login'))) {
        Yii::app()->user->loginRequired();
    }
}

In regards to the SecurityController component suggestion :

class SecurityController extends CController

Maybe because of a newer version: I had to extend SecurityController from Controller to make it work. But then it works as a charm

You can check this posts

Special Topic - Authentication and Authorization

Yii Wiki

Check sample Blog App for post controller

Okay, I've done it finally.

Here is the code, I've added to the sitecontroller.php

public function filters()
{
    return array(
        'accessControl',
    );
}

public function accessRules()
{
    return array(
        array('allow',  // allow all users to perform only 'login' action
            'actions'=>array('login'),
            'users'=>array('*'),
        ),
        array('allow', // allow admin user to perform 'admin' AND 'delete' AND 'index' actions
            'actions'=>array('admin','delete','index'),
            'users'=>array('admin'),
        ),
        array('deny',  // deny all users
            'users'=>array('*'),
        ),
    );
}

So, it's working now.

thanks to all for your valuable replies

Just add the following at the top of the SiteController's index() action:

if(Yii::app()->user->getId()===null)
            $this->redirect(array('site/login'));

It will check if the user is logged. If that's not the case, the page will redirect to login.

In order to avoid any action being accessed by not logged users, you need to modify the accessRules() functions of your controllers:

public function accessRules()
{
    return array(
        array('allow',
            'actions'=>array(),
            'users'=>array('*'),
        ),
        array('allow', 
            'actions'=>array(),
            'users'=>array('@'),
        ),
        array('allow',
                            'actions'=>array(), 
            'users'=>array('admin'),
        ),
        array('deny',
                            'actions'=>array(), 
            'users'=>array('*'),
        ),
    );
}

In each controller, we have that function, and within it we have that four arrays. Each array declares an access rule. In the 'actions' parameter we specify which actions will be affected that access rule, and in 'users' we specify which users will be allow to access the actions. '*' means all users, authenticated or unauthenticated. '@' means only authenticated users, 'admin' means of course only admin members.

If any 'actions' parameters has no actual actions assigned, then just delete than line:

        array('allow',
                   'users'=>array('admin'),
        ), 

This is same as above but as a component so that it needs to be done only once and all controllers needing security can extend this component.

Add a new component in the components directory (SecurityController.php):

<?php

class SecurityController extends CController {

   public $breadcrumbs=array();

   public function filters()
   {
      return array(
         'accessControl',
      );
   }

   public function accessRules()
   {
      return array(
         array('allow',
               //'actions'=>array('admin','delete','index'),
               'users'=>array('admin', '@'),
         ),
         array('deny',  // deny all users
               'users'=>array('*'),
         ),
      );
   }
}

Now ensure all your controllers that need authentication inherits from SecurityController:

<?php

class JSController extends SecurityController {