The domain is "ecommerce"
java:/jaas/ecommerce is the jndi binding.
thanks for the reply
i changed the security domain to ecommerce, and it doesnt give any errors, yet it still gives me the 403 error without authenticating the user again.
when exactly do i need to execute this code to flush it..
Are you sure this isn't the BASIC login config
Some web browsers (e.g. IE) cache the information.