The entries in artifactory-request.log shown as "non_authenticated_user" even when anonymous access is allowed, are the ones which tried to authenticate, but then provided incorrect credentials.
If the user is sending a request without providing any sort of credentials, then these entries show up as "anonymous" as long as Allow anonymous access is enabled globally in the Administration -> User Management -> Settings -> Security Configuration page.
However if the Allow Anonymous access is disabled, then all requests that are being sent without any user credentials would show up as "non_authenticated_user" in the artifactory-request.log. Along with that the requests that are being sent with incorrect credentials are also shown as "non_authenticated_user" when Allow Anonymous access is disabled.
The username is seen in the entries of artifactory-request.log when the provided username and password for authentication are correct. The username is also seen for failures when the provided user credentials don't have sufficient privileges to download or deploy a file, which would result in an entry in request.log which will have the username and HTTP status code 403.