I created a JAX-RS application using blade.The application class is configured with these properties.

[code]@Component(
        property = {
                JaxrsWhiteboardConstants.JAX_RS_APPLICATION_BASE + "=/issue-admin-rest-api/project",
                JaxrsWhiteboardConstants.JAX_RS_NAME + "=Project.Configuration",
                "auth.verifier.guest.allowed=false",
                "oauth2.scopechecker.type=none"
        },
        service = Application.class
)
public class AdminRestAPIApplication extends Application {

}

The documentation states: "When you deploy a JAX-RS application, an Auth Verifier filter is registered for it." and then says how to disable basic auth keeping only portal session and oauth2. 

When I'm logged in as admin and try to invoke these API via javascript I always get a 403 response error. The JSESSIONID is sent over the Cookie header to the API so I'm expecting the API to respond instead of refusing all the requests.I tried different approaches (CXF endpoints, Service Access Policy, API Authentication, AuthVerifierFilterTracker.config) but none of them worked. 

How can I configure the module so that logged in users can invoke the API? Using Liferay Liferay Community Edition Portal 7.3.0 CE GA1.

Related questions: 
https://liferay.dev/forums/-/message_boards/message/119533528 
https://liferay.dev/forums/-/message_boards/message/117823352