Here our requirement is that all application should always go through SSO even if you put prServlet in URL but it should not show you the Login Screen but we need to exclude one application from this requirement and that one application is also in same environment or server.
When user launches a URL it will launch servlet as a 'guest user' based on the Unauthenticated access group & associated authentication service will be executed on credentials submit (note the the service alias & system prepared associated login URL) . Associated authentication activity will take care of authentication of the user & then Pega will switch the access group of the user from temporary unauthenticated to actual access group as updated/verified by the authentication activity.
So Pega can know whats your application only after authenticating you (application doesn't determine the servlet but servlet auth service activity will determine the user's application) & there is no way you can do the reverse of it.
As I assume, what you can do is on your desired servlet auth service activity, set access group to WorkingOne if the user should be allowed otherwise set it to NotAllowed access group. Show a read only screen like you are not allowed to work on this application in NotAllowed access group application