Module.php

/**
 * Executada no bootstrap do módulo
 * 
 * @param MvcEvent $e
 */
public function onBootstrap($e)
{
    /** @var \Zend\ModuleManager\ModuleManager $moduleManager */
    $moduleManager = $e->getApplication()->getServiceManager()->get('modulemanager');
    /** @var \Zend\EventManager\SharedEventManager $sharedEvents */
    $sharedEvents = $moduleManager->getEventManager()->getSharedManager();

    //adiciona eventos ao módulo
    $sharedEvents->attach('Zend\Mvc\Controller\AbstractActionController', \Zend\Mvc\MvcEvent::EVENT_DISPATCH, array($this, 'mvcPreDispatch'), 100);
}

/**
 * Verifica se precisa fazer a autorização do acesso
 * @param  MvcEvent $event Evento
 * @return boolean
 */
public function mvcPreDispatch($event)
{
    $di = $event->getTarget()->getServiceLocator();
    $routeMatch = $event->getRouteMatch();
    $moduleName = $routeMatch->getParam('module');
    $controllerName = $routeMatch->getParam('controller');

    if ($moduleName == 'admin' && $controllerName != 'Admin\Controller\Auth') {
        $authService = $di->get('Admin\Service\Auth');
        if (! $authService->authorize()) {
            $redirect = $event->getTarget()->redirect();
            $redirect->toUrl('/admin/auth');
        }
    }
    return true;
}

Caso ele tente excluir assim exclui, é necessário adicionar um "return" na linha 33, ficando assim:
return $redirect->toUrl('/admin/auth');