Use spnego credentials to access different page

Question

I have an application that is served using jetty 6.1.12 from serverA. serverA is kerberized using the spnego filter and runs fine when I run it from the browser. I am now trying to access a different site (serverB) from one of the classes in the serverA. This new site uses the same authentication scheme i.e., if user can see pages on serverA, he can also see pages on serverB. Is there a way to get the kerberos credentials from the web server (serverA) and pass it on to other places?

The bug report (http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6549811) says spnego delegation was fixed a long time ago, so I am thinking there must be a way to do this.

I am using Java 1.6. To do the http call to serverB, I am using apache commons httpclient 3.1.

Answer 1

As I found out, the problem is not with jetty. Delegation seems to work when I use jass.conf for the login.conf file and Http(s)URLConnection instead of the commons httpclient.

Answer 2

Here's a project that shows how to do credential delegation http://spnego.sourceforge.net/credential_delegation.html. The free and open source project uses a SpnegoHttpURLConnection class to make the call from serverA to serverB.