...
[09:48:07 CST(-0600)] <dmccallum54> for the fragment space, you're never going to be accessing that anonymously, right? you'd only be going that route if you've decided you need to authenticate and the portal needs somewhere to redirect you. so we might not need to do anything special there
[09:49:55 CST(-0600)] <dmccallum54> for the API space… i dont see any special interceptors configured for that space… which means security should depend entirely on method-level annotations. so i think we'd just need to go through those and figure out which ones can/should be accessible anonymously