You could setup a global "Before" in your routes. I'm not using roles in my current app, but we are redirect users globally based on whether or not they are signed in.
You could probably do something like this:
Router.before(function() {
unless(Meteor.userId()) {
this.redirect('userUnauthorized');
do (this.stop)
}
}, {except: ['userUnauthorized', 'otherPageUnauthorizedUsersAllowedToSee']});
We use something similar right below our Router.configure()