If I understand correctly, if your client authenticates, there must be an ACL for that principal, otherwise it will fail authorization.
If you are going to allow everything anyway, perhaps you don't need to authenticate?