Thanks for writing in here.
Let me know if I misunderstood, but are you asking how to account for users that haven't been identified? If this is the case, you should pass the anonymousId from the client, and use that over the userId.
Or if you are asking a failed login, knowing that the user failed to login implies you have the userId for said user, and can pass in a analytics.track('Login Failed') event with the userId.
The java SDK does not require a userId. If the user does not have a userId, you should generate an anonymousId or get it from the client and supply that.
Here is a great help article that outlines best practices for identifying users as well as sending traits from the client to your server:
Hope this helps!
I apologize for the lack of clarity. You should pass the anonymousId from the client to the server if you want to track anonymous users consistently across the client and server. You can populate the value you grab from the client to the server in the anonymousId property, and save the userId for the moment you successfully identify the user and pass in a UUID.
You are assuming correctly that you will have to handle grabbing the value for the anonymousId from the client and then passing it in the anonymousId down to the server.
Let me know if this makes more sense!