[ https://issues.jboss.org/browse/ELY-865?page=com.atlassian.jira.plugin.sy... ]
Jan Kalina updated ELY-865:
---------------------------
Description:
All security realms now provide the user-provided username as the realmIdentity principal.
That can be a problem if the identity search is case-insensitive, for example:
* Let's have a filesystem realm on Windows: the user will write "FIRSTuser"; because the
filesystem is case-insensitive, the realm will correctly find "firstUser", but it
can obtain two different NamePrincipals; the same user can be two different users for
an application running on AS
* the same problem can occur if the LDAP search is case-insensitive; not sure, but I think
this is the case for Active Directory
* the same can probably occur for JDBC, if the database column is defined as
case-insensitive
was:
All security realms now provide the user-provided username as the realmIdentity principal.
That can be a problem if the identity search is case-insensitive, for example:
* Let's have a filesystem realm on Windows: the user will write "FIRSTuser"; because the
filesystem is case-insensitive, the realm correctly found "firstUser", but they will
obtain two different NamePrincipals; the same user can be two different users for
an application running on AS
* the same problem can occur if the LDAP search is case-insensitive; not sure, but I think
this is the case for Active Directory
* the same can probably occur for JDBC, if the database column is defined as
case-insensitive
Principal name from realms should not be pure user input
--------------------------------------------------------
Key: ELY-865
URL: https://issues.jboss.org/browse/ELY-865
Project: WildFly Elytron
Issue Type: Bug
Reporter: Jan Kalina
Assignee: Jan Kalina
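An added example, not Elytron code, that models the defect the issue describes: a hypothetical case-insensitive realm whose lookup returns a principal built from the raw user input, beside the variant that returns the stored canonical name. `NamePrincipal` here is a stand-in with exact-string equality, and `CaseInsensitiveRealm`, `identityFromInput` and `identityFromStore` are assumed names.

```java
import java.security.Principal;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;

// Stand-in for a NamePrincipal: equality is an exact string compare,
// so "FIRSTuser" and "firstUser" are two distinct principals.
final class NamePrincipal implements Principal {
    private final String name;
    NamePrincipal(String name) { this.name = Objects.requireNonNull(name); }
    @Override public String getName() { return name; }
    @Override public boolean equals(Object o) {
        return o instanceof NamePrincipal && name.equals(((NamePrincipal) o).name);
    }
    @Override public int hashCode() { return name.hashCode(); }
    @Override public String toString() { return "NamePrincipal[" + name + "]"; }
}

// Hypothetical realm modelling a filesystem realm on a case-insensitive
// filesystem: lookup ignores case, but each identity has one stored spelling.
final class CaseInsensitiveRealm {
    private final Map<String, String> canonicalByFoldedName = new HashMap<>();

    CaseInsensitiveRealm(String... storedNames) {
        for (String n : storedNames) canonicalByFoldedName.put(fold(n), n);
    }

    private static String fold(String s) { return s.toLowerCase(Locale.ROOT); }

    // Defective behaviour from the issue: the principal is built from the raw
    // user input, so two spellings of one identity yield two unequal principals.
    Optional<Principal> identityFromInput(String userInput) {
        if (!canonicalByFoldedName.containsKey(fold(userInput))) return Optional.empty();
        return Optional.of(new NamePrincipal(userInput));
    }

    // Corrected behaviour: the principal carries the stored canonical name, so
    // every spelling that resolves to the identity yields an equal principal.
    Optional<Principal> identityFromStore(String userInput) {
        return Optional.ofNullable(canonicalByFoldedName.get(fold(userInput)))
                .<Principal>map(NamePrincipal::new);
    }
}

public class PrincipalCanonicalizationDemo {
    public static void main(String[] args) {
        CaseInsensitiveRealm realm = new CaseInsensitiveRealm("firstUser");
        Principal a = realm.identityFromInput("FIRSTuser").get();
        Principal b = realm.identityFromInput("firstuser").get();
        System.out.println("raw input:  " + a + " equals " + b + "? " + a.equals(b));
        Principal c = realm.identityFromStore("FIRSTuser").get();
        Principal d = realm.identityFromStore("firstuser").get();
        System.out.println("canonical:  " + c + " equals " + d + "? " + c.equals(d));
    }
}
```

The first comparison is false and the second true, which is the divergence the issue warns about: an application keying authorization or sessions on the principal name sees one stored identity as two users unless the realm hands back the stored name.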
--
This message was sent by Atlassian JIRA (v7.2.3#72005)