It's not clear that there is a datawolf.authentication attribute to lock down the REST API unless you're familiar with the source code. It would be better to add the following to datawolf-service:
USE_AUTH=false
java ... -Ddatawolf.authentication=${USE_AUTH}....