When using Catalyst::Test the request method may be of use to you where your URI's require Authentication credentials.
This method can take a HTTP::Request object which allows you to set up the request information beyond a URI string. Most notably as shown in the synopsis, you will want to set up the user agent to support passing in the credentials and cover things like persisting cookies which is the likely session state implementation.
See LWP::UserAgent for more information on this.
As to your questions considering why some URI's require authentication and some don't, it depends on how things are set up in code. Even if there is a general call to authenticate in the begin
or auto
action in the Root controller, the dispatch process may be overridden. Taking some time to digest the following may apply.
Introduction to Catalyst: Built-in actions in controllers/autochaining