Currently, all CeQ web services are protected by an Authentication filter, which is responsible for determining whether the incoming request is valid based on the user's credentials stored in session and/or cookie data.
For secured services (those that I created for use by web venue plugins such as Web Space Server / Liferay), these services do not rely on cookie/sso-based authentication, since it is presumed that the system is configured so that these services can only be used by authorized clients (e.g. using SSL). These services should not be protected by the Authentication servlet.
It is not possible to filter URLs using the simplified <url-pattern> JEE web.xml construct, as it is very limiting. Instead, introduce a filter configuration variable that allows the definition of a regular expression, which, when not matched, will skip the Authentication filter.