Plugin public API without JSESSIONID

Kamil Koszarny {Appfire} February 3, 2023

Is it possible to implement public API in plugin, which will not require JSESSIONID cookie?

Can I configure atlassian-plugin.xml file so JSESSIONID is not required for some URLs? I assume in Jira code there is a Spring security configuration (e.g. extending WebSecurityConfigurerAdapter) and filter in chain. Normally it would be a place to define that JSESSIONID is not required, by setting SessionCreationPolicy to STATELESS:
protected void configure(final HttpSecurity http) throws Exception {
    http
        .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
 
I can add additional filters in atlassian-plugin.xml, but cannot modify existing. 
Maybe you can propose some workaround? 

0 answers

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events