If a resource with 'Set-Cookie' header is cached (either by intermediary
like HTTP proxy and reverse proxy, or by the browser), it'll cause
identity swap / session mix-up as discussed in this ticket.

I suspect this was caused by HttpSessionContextIntegrationFilter2, which
is the only code path that attempts to create a session when a request
to a static resource is made.

So I'm disabling the creation of session in
HttpSessionContextIntegrationFilter2. This in turn requires that we
have sessions already created when the authentication was successful and
people need to login (or else the login will have no effect.)

We already do so in layout.jelly, so any request that renders a Jenkins
page would have a session, but I've also added it in
AuthenticationProcessingFilter2, which ensures that a successful login
does have a session.

When a client uses the buildWithParameters API and request a json output, return the job definition as a json string instead of doing a redirect on the job page.

Conflicts:

	changelog.html

(cherry picked from commit 2e5a7bf4)

This reverts commit 9a1ad74b. The bits
aren't yet synchronized to central apparently.

Conflicts:

	changelog.html

This is also related to [JENKINS-9778].

[FIXED JENKINS-8214] Added a DISCOVER permission to allow anonymous users to be presented the login screen when accessing job URLs

Maven Job

If the -U flag is specified in the goals/options of the build step of a
Maven job, it should be used as well in the parsing step.

[Re-FIXED JENKINS-12457] 'Age' column on 'Test Result' tab may show incorrect value when a test suite divided into multiple junit files