4.8.2.4. Anonymous Access
By default, anonymous access is disabled. To enable it, use the cuba.rest.anonymousEnabled application property. A request is considered to be anonymous if it doesn’t contain an Authentication
header. In this case, the SecurityContext will contain an anonymous user session.