ModeShape does not have something built-in for this. It does have a configuration attribute called "anonymous-username" which it will use that for *all* unauthenticated users, which I don't think is what you're after.

One thing you can try is to have a look/updated ModeShape's <security-domain name="modeshape-security" cache-type="default"> (from the EAP config). By default, this only uses a UsersRoles login module which requires the .properties files you mentioned. You can try to change/add another login-module to it, which doesn't use properties files and which will basically authenticate all users and assign them a dummy role (e.g. guest). This way each user will appear as authenticated and its own username will be returned.

You can find more information about the available login modules in EAP here: JBoss AS7 : Security Domain Model

You can try something like:

             <security-domain name="modeshape-security" cache-type="default">

                    <authentication>

                        <login-module code="UsersRoles" flag="required">

                            <module-option name="usersProperties" value="${jboss.server.config.dir}/modeshape-users.properties"/>

                            <module-option name="rolesProperties" value="${jboss.server.config.dir}/modeshape-roles.properties"/>

                        </login-module>

                      <login-module code="org.jboss.security.ClientLoginModule" flag="required" ></login-module> 

                    </authentication>

            </security-domain>

I'm not sure it will work like this out-of-the-box, but you can investigate further. Also look at http://docs.jboss.org/jbosssecurity/docs/6.0/security_guide/html/Login_Modules.htm