I'm also trying to switch off authentication, in Jasper 3.7.0 CE. I want to provide single sign on through an Apache proxy, so when the request reaches the jasperserver, I want it to act as if a ROLE_USER is logged in.

When I make the changes to applicationContext-security.xml suggested in this thread or related threads, I get this error:

2010-06-17 12:24:19,556 ERROR SearchAction,http-8080-Processor25:270 - SEARCH_ERROR: Can't load search result.
java.lang.ClassCastException: java.lang.String
    at com.jaspersoft.jasperserver.search.filter.FolderFilter.hasRole(FolderFilter.java:101)
    at com.jaspersoft.jasperserver.search.filter.FolderFilter.addRoleAccessUrlsRestrictions(FolderFilter.java:81)
    at com.jaspersoft.jasperserver.search.filter.FolderFilter.applyRestrictions(FolderFilter.java:75)
    ...

I made these changes:

1. Gave access to ROLE_ANONYMOUS to the repository root.
2. Modified the filterInvocationInterceptor bean to add ROLE_ANONYMOUS to URLs (I tried several combinations).
   e.g. /flow.html=ROLE_USER,ROLE_ADMINISTRATOR,ROLE_ANONYMOUS
3. Modified the flowVoter bean to add ROLE_ANONYMOUS to the * row (I also tried adding to other rows).
   e.g. *=ROLE_USER,ROLE_ADMINISTRATOR,ROLE_ANONYMOUS
4. Restarted jasperserver.

I also tried editing the anonymousProcessingFilter but just got errors.

Does anyone know if the process is different in 3.7 from previous versions, and what the settings are?

Thank you,
Jason