The way you've set it up, grub will ask for a password if you try to edit any of the boot entries, or to enter the grub shell. But you can still boot any of the entries listed without needing a password.
To require the password before booting a specific entry, you need to edit the /boot/grub2/grub.cfg file, find the relevant "menuentry" line, and add a "--users" option. You can look at the grub manual for some examples: http://www.gnu.org/software/grub/man....html#Security
Note that (annoyingly) grub2-mkconfig sets the permissions on /boot/grub2/grub.cfg to read-only (even for root), so you'll need to do something like
su -c 'chmod 600 /boot/grub2/grub.cfg'
su -c 'vi /boot/grub2/grub.cfg'
to edit the file.
I don't know that it is possible to require a password before showing the grub menu.