Normally, the 'useAnonymousAccessOnFailedLogin' repository option should control whether the repository, when authenticating a request to create a session with user-supplied credentials and those credentials do not authenticate, will fallback to the anonymous credentials and always create a session.

However, there appears to be a logic problem in the code from a recent change. First, the 'anonymousUserCredentials' field is of type 'Credentials', but line 970 is setting it as a boolean value.