Is it possible to implement public API in plugin, which will not require JSESSIONID cookie?
Can I configure atlassian-plugin.xml file so JSESSIONID is not required for some URLs? I assume in Jira code there is a Spring security configuration (e.g. extending WebSecurityConfigurerAdapter) and filter in chain. Normally it would be a place to define that JSESSIONID is not required, by setting SessionCreationPolicy to STATELESS:
protected void configure(final HttpSecurity http) throws Exception {
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
I can add additional filters in atlassian-plugin.xml, but cannot modify existing.
Maybe you can propose some workaround?