Clients such as the WildFly CLI provide a CallbackHandler implementation in case it is needed and not as a sign that it must be used, i.e. the desired outcome is that if the information required can be obtained from the configuration then authentication proceeds without interaction with the end user.

Neither the CLI or the end user should be required to be fully aware of the underlying security configuration.

This is similar to web browser HTTP authentication where there is only an interaction with the user if actually required.