When CWD-314 was implemented we were able to meet the current functionality for JIRA & Confluence integration by having Crowd's JIRA integration (via Seraph) use the credentials present in the URL to be used for that given request; when grabbing RSS feeds from JIRA.

To take this one step further we should now use the authenticated 'browser user' and not the credentials present in the request to authenticate the user; however we may need to keep backwards compatibility here by allowing both.

Currently the Confluence jiraissue macro makes its request on the server side to JIRA, this means that Confluence is making the request to JIRA and not the browser, so any credentials present in the browser session are not used by Confluence for the request. We have two options (from what I can see to implement this feature):

1. Provide a configuration item to the jiraportlet marco to tell it to grab the Crowd authentication token from the users session (cookie) and use that (assuming that we are on the same domain).
2. Re-write the plugin as an 'ajax-based' macro so the browser makes the request and not Confluence, this would then simply use the currently authenticated Confluence user for the request on JIRA.