I’m working on a plugin which I ultimately want to release for both server and cloud. Additionally, one of the features I require is not yet stable in Confluence server and all of the classes are part of the experimental Java API. For that reason, I am considering accessing it not directly through Java but through its REST API. Given that I’ll have to use REST when developing the cloud addon either way, this would allow me to reuse a lot of my code.
I am able to send generic requests using Jersey, but I’m wondering if there is some sane way to call the REST API from within the server whilst using the permissions of a given client. In theory, my plugin will react to events raised by updating pages. It will then do some magic and call one of the native REST APIs of Confluence, but when doing so it needs to impersonate the user, such that permissions are guaranteed to be in check.
I’d appreciate any help.