Include mapped roles when setting userInfo in ThreadContext (#5369)

Signed-off-by: Craig Perkins <cwperx@amazon.com>

Author: cwperks

CHANGELOG.md

@@ -13,8 +13,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - Use extendedPlugins in integrationTest framework for sample resource plugin testing ([#5322](https://github.com/opensearch-project/security/pull/5322))
 - Refactor ResourcePermissions to refer to action groups as access levels ([#5335](https://github.com/opensearch-project/security/pull/5335))
 - Introduced new, performance-optimized implementation for tenant privileges ([#5339](https://github.com/opensearch-project/security/pull/5339))
-
-- Performance improvements: Immutable user object ([#5212])
+- Performance improvements: Immutable user object ([#5212](https://github.com/opensearch-project/security/pull/5212))
+- Include mapped roles when setting userInfo in ThreadContext ([#5369](https://github.com/opensearch-project/security/pull/5369))
 
 ### Dependencies
 - Bump `guava_version` from 33.4.6-jre to 33.4.8-jre ([#5284](https://github.com/opensearch-project/security/pull/5284))

src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java

@@ -279,13 +279,13 @@ public boolean isInitialized() {
         return configModel != null && dcm != null && actionPrivileges.get() != null;
     }
 
-    private void setUserInfoInThreadContext(User user) {
+    private void setUserInfoInThreadContext(User user, Set<String> mappedRoles) {
         if (threadContext.getTransient(OPENDISTRO_SECURITY_USER_INFO_THREAD_CONTEXT) == null) {
             StringJoiner joiner = new StringJoiner("|");
             // Escape any pipe characters in the values before joining
             joiner.add(escapePipe(user.getName()));
             joiner.add(escapePipe(String.join(",", user.getRoles())));
-            joiner.add(escapePipe(String.join(",", user.getSecurityRoles())));
+            joiner.add(escapePipe(String.join(",", mappedRoles)));
 
             String requestedTenant = user.getRequestedTenant();
             if (!Strings.isNullOrEmpty(requestedTenant)) {
@@ -357,7 +357,7 @@ public PrivilegesEvaluatorResponse evaluate(PrivilegesEvaluationContext context)
             context.setMappedRoles(mappedRoles);
         }
 
-        setUserInfoInThreadContext(user);
+        setUserInfoInThreadContext(user, mappedRoles);
 
         final boolean isDebugEnabled = log.isDebugEnabled();
         if (isDebugEnabled) {