403 forbidden error - Attempt to access .jspa, .jspx, or .jsp resource within customer context

We have a bunch of URLs that can be accessed by customers. As such, they have been added under a customer context. A sample is below:

<customercontext key="ebCustomerContext" path="/plugins/servlet/eb">
	<uri regex=".*"/>
</customercontext>
<customercontext key="ebCustomerContext2" path="/secure">
	<uri regex="eb-programs.jspa"/>
	<uri regex="/eb-programs.jspa"/>
--- trimmed ---
</customercontext>

So, for example, if you were logged in, there is an option in the navbar that takes you to /secure/eb-programs.jspa

Now on the good side, in our staging environment (and the data centre deployment on which I ran all the tests last month for DC approval) this link loads up the proper page as expected - which is mapped to a webwork action.
But, on the other hand, locally (for both DC and regular server setup) it gives a 403 error (attached image).


Logs show the following message:

WARN anonymous 909x1604x1 1ckebfv 0:0:0:0:0:0:0:1 /secure/eb-programs.jspa [c.a.s.internal.web.CustomerContextSettingFilter] Attempt to access .jspa, .jspx, or .jsp resource /secure/eb-programs.jspa within customer context

No matter what I do, no user in my instance is able to access /secure/eb-programs.jspa directly. I can access it (with a workaround??) if I change the URL manually to /secure/eb-programs!default.jspa

There is very little documentation about “customercontext”, and it has no section on the Jira modules page. All information is available only in forums or as responses to tickets in the “JSDSERVER” project.

It is my assumption that the issue is related to some local setup problem, because none of our clients or my team members have encountered this on a staging or a production environment.

Any help or pointers would be really helpful and appreciated. Thank you!
