...
[09:49:55 CST(-0600)] <dmccallum54> for the API space… i dont see any special interceptors configured for that space… which means security should depend entirely on method-level annotations. so i think we'd just need to go through those and figure out which ones can/should be accessible anonymously
[09:51:25 CST(-0600)] <dmccallum54> for those that can be accessed anonymously, i think the annotation would be a spring EL expression that allows either authenticated or anonymous users… i'd just have to experiment to figure out exactly what works