The question was answered by Sam Raju / Hans Dumbrajs in thread .

Hereafter is an even more radical method that I used with a Netweaver 2004 SP12.

But BEWARE! this is VERY bad practice, because authentication becomes disabled for ALL web services. It must only be used on a development system. Moreover, from SP14, there are many more options that would allow to turn this on/off per web service. I used it once, just to sort out service design issues from authentication burdens and then I quickly restored a proper config as we fought with WS-security settings in a remote system that had to call a service hosted on XI.

Here is: locate the web.xml deployment descriptor for the server at stake. You should find it on a path like:

/usr/sap/<systemID>/DVEBMGS00/j2ee/cluster\server0/apps/sap.com

/com.sap.aii.af.soapadapter/servlet_jsp/XISOAPAdapter/root/WEB-INF

Then SAVE A COPY of the web.xml file.

Edit the web.xml and remove the three sections:

<security-constraint>, <login-config>, and <security-role>

Login to the J2EE visual Admin console go to cluster tab, Server 0... and right-click REBOOT.

There you are.

Strongly recommended: learn about WS-security and upgrade to SP14 or above to get back in control of security issues.

(the truth is that integration systems are ever-ever-ever more complex year after year...)