I honestly dont know the answer to this one. Let me see if I can find out from someone.
I believe you could do this by modifying the filter chain for your custom web services. You can build an anonymous/pseudo-anonymous authentication object in the new filterr and set it in the session. Be sure that it gets invoked before the basic httpauthentication filter.
I actually have been working a lot with the REST call web services lately.
Your GET calls can always be anoymous except when accessing protected resources. Just drop it in the browser and you will see.
pldorrell is correct in that you can override the filters. The JiveBasicProcessingFilter is used with the REST calls but not the SOAP calls. (I have not figured out the filtering for SOAP). My guess is that if you use this approach and automatically authenticate a guest account, you will still get blocked when space permissions are more restrictive than allowing guests to access the resource.
Unless there is a real reason you cannot do it, I would just grab a generic user account and include thier credentials in the header of the REST call. There is a lot of damage that can be inflicted on your site if you give the anonymous user full power in the REST arena and if I am incorrect on the one previous paragraph.
I just wrote this blog post last night which may be of help to you.
Sorry for the silence, been a little busy.
My goal is to make only a limited number of methods in a particular service (or the entire service itself) accessible anonymously. I am not sure creating an anonymous account helps because the SBS asks for authentication before hitting the method (whether I copy and past the link to the browser or use a REST Client).
I've been working on a solution that uses Filters to allow anonymous users through to very specific URLs, e.g. /__services/_myservice/**. I am struggling a little with it, but I think this is the right approach. If you have any experience with this, or have a better solution, please do let me know.
I am working on something simillar to make exactly one webservice anonymous.
Were you able to resolve this issue.
Any help will be appreciated.