Almost all web applications have some parts of their site they want to be secure such as login and profile pages.
To enable security ATG has a ProtocolSwitchServlet, located at /atg/dynamo/servlet/dafpipeline/ProtocolSwitchServlet. Set the enable property to true and configure the other properties appropriately.
The only other properties that you will need to configure are the secureList property and the ignoreList property. Examples of how these properties would be configured follow.
Optionally you might want to change the secureHostName and the httpsPort but typically it would be better to change siteHttpServerName and httpsPort respectively in /atg/dynamo/Configuration.
The default values for the other properties should be fine.