The reason for this issue is the following:
The changes in
JENKINS-3796 removed the passing of the Authentication object to the CliManagerImpl and made the CLI authentication more extensible. The one problem with it is that you need the Authentication to be passed into the CliManagerImpl class if one is using the LegacySecurityRealm (i.e. container auth). Without this issue being fixed, the CLI user will always be 'anonymous' if container based authentication is relied upon.
A summary of the changes:
1) Restore CliManager constructor to take an Authentication object which in turn will be passed on to the CLICommand implementation.
2) Create an overloaded createCliAuthenticator method in SecurityRealm which takes an Authentication object
3) Let it be up to the SecurityRealm implementation if createCliAuthenticator will consider the Authentication object when creating the CliAuthenticator
4) Only the LegacySecurityRealm (currently at least) will override createCliAuthenticator(CLICommand command, Authentication auth) and use the Authentication object passed in for the creation of its CliAuthenticator. No other SecurityRealms will be affected by these changes.
5) Update GroovyshCommand to include updates that appear to have been missed in
JENKINS-3796 along with changes relative to this ticket.