SQL Server - Using Kerberos S4U extensions (introduced in Java 8) to connect to database using JDBC
It's been a while since I coded in Java, so I may be missing something obvious. I want to connect to a database (I need to support many - SQL Server, MySQL, etc.) via JDBC. However, I want to use the Microsoft S4U Java extension support added in Java 8 to achieve Kerberos delegation. I do not want the user to have to enter credentials on the middle-tier server. I want to use S4U to get a ticket on the middle-tier server on the user's behalf, and use it to invoke the JDBC code via the doAs functions (Subject.doAs or doAsPrivileged).
I have added support for protocol transition and constrained delegation on Windows using C++ and ODBC. I don't know how to do the same in Java. The S4U documentation on Java is sparse. This page seems to contain some information - http://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/jgss-features.html. The page says "A new public method (GSSCredential::impersonate) has been added to the com.sun.security.jgss package to implement these extensions." Based on http://docs.oracle.com/javase/7/docs/technotes/guides/security/jgss/single-signon.html, I am thinking I need to use the classes LoginContext and Subject to invoke doAs on the JDBC connection call so the connection goes through under the subject's credentials. How do I use GSSCredential::impersonate in the mix?
Thanks, Ed
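This is the code I arrived at after a lot of spelunking online:

    import java.security.PrivilegedAction;
    import javax.security.auth.Subject;
    import org.ietf.jgss.*;
    import com.sun.security.jgss.ExtendedGSSCredential;

    GSSManager manager = GSSManager.getInstance();
    // Credential of the middle-tier service itself
    GSSCredential self = manager.createCredential(GSSCredential.INITIATE_ONLY);
    GSSName user = manager.createName("myuser", GSSName.NT_USER_NAME);
    // S4U2self: ask for a credential on the user's behalf
    GSSCredential impCred = ((ExtendedGSSCredential) self).impersonate(user);
    Subject mySubject = new Subject();
    mySubject.getPrivateCredentials().add(impCred);
    // ClientAction is my own PrivilegedAction that runs the JDBC code
    PrivilegedAction action = new ClientAction();
    Subject.doAs(mySubject, action);

I get "GSSException: Failure unspecified at GSS-API level (Mechanism level: Attempt to obtain S4U2self credentials failed!)" on the impersonate call, which I am still investigating.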
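The flow the question describes (service login, S4U2self via impersonate, then JDBC under the impersonated Subject), as an added Java example that is not part of the original post. The service principal, keytab path, JDBC URL and class name are placeholders, and it assumes the JDBC driver takes its Kerberos credential from the current Subject and that the KDC permits protocol transition for the service account.

```java
import com.sun.security.jgss.ExtendedGSSCredential;
import org.ietf.jgss.*;
import javax.security.auth.Subject;
import javax.security.auth.login.*;
import java.security.PrivilegedExceptionAction;
import java.sql.*;
import java.util.*;

public class S4uJdbcExample {
    // Placeholders (assumptions, not from the original post).
    static final String SERVICE = "HTTP/middle-tier.example.com@EXAMPLE.COM";
    static final String KEYTAB = "/etc/security/middle-tier.keytab";
    static final String JDBC_URL =
        "jdbc:sqlserver://db.example.com;integratedSecurity=true;authenticationScheme=JavaKerberos";

    // Log in as the middle-tier service from its keytab; no user password is involved.
    static Subject loginService() throws LoginException {
        Map<String, String> opts = new HashMap<>();
        opts.put("useKeyTab", "true");   opts.put("keyTab", KEYTAB);
        opts.put("principal", SERVICE);  opts.put("storeKey", "true");
        opts.put("doNotPrompt", "true"); opts.put("isInitiator", "true");
        Configuration conf = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    "com.sun.security.auth.module.Krb5LoginModule",
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts) };
            }
        };
        LoginContext lc = new LoginContext("service", null, null, conf);
        lc.login();
        return lc.getSubject();
    }

    // S4U2self: impersonate() runs under the service Subject so the service TGT is used.
    static Subject impersonate(Subject service, String user) throws Exception {
        GSSCredential cred = Subject.doAs(service, (PrivilegedExceptionAction<GSSCredential>) () -> {
            GSSManager m = GSSManager.getInstance();
            GSSCredential self = m.createCredential(GSSCredential.INITIATE_ONLY);
            GSSName name = m.createName(user, GSSName.NT_USER_NAME);
            return ((ExtendedGSSCredential) self).impersonate(name);
        });
        Subject s = new Subject();
        s.getPrivateCredentials().add(cred);  // looked up by JGSS inside doAs
        return s;
    }

    public static void main(String[] args) throws Exception {
        Subject user = impersonate(loginService(), "myuser");
        PrivilegedExceptionAction<Connection> connect = () -> DriverManager.getConnection(JDBC_URL);
        try (Connection c = Subject.doAs(user, connect)) {  // driver authenticates as "myuser"
            System.out.println(c.getMetaData().getUserName());
        }
    }
}
```

Running with -Dsun.security.krb5.debug=true prints the Kerberos exchange, which helps when the impersonate call is rejected.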