Well, even if I create a JUnit test case...would that really help if you guys don't
have the same JBoss configuration as I do on the back-end? (Unless I zip up my whole WAR
and my JBoss config and send that too?)
Here are some more details on the simplest way to reproduce this problem:
1) I've created a simple WAR with a login page and just one JSP page that is protected
using J2EE (JEE) declarative security in web.xml. Here is the relevant section of my
web.xml file:
| <login-config>
|   <auth-method>FORM</auth-method>
|   <realm-name>Example Form-Based Authentication Area</realm-name>
|   <form-login-config>
|     <form-login-page>/login.jsp</form-login-page>
|     <form-error-page>/oops.jsp</form-error-page>
|   </form-login-config>
| </login-config>
|
| <security-constraint>
|   <display-name>Security Constraint for "customers"</display-name>
|   <web-resource-collection>
|     <web-resource-name>Protected Area</web-resource-name>
|     <url-pattern>/pages/*</url-pattern>
|   </web-resource-collection>
|   <auth-constraint>
|     <role-name>customers</role-name>
|   </auth-constraint>
|   <user-data-constraint>
|     <transport-guarantee>NONE</transport-guarantee>
|   </user-data-constraint>
| </security-constraint>
|
| <security-role>
|   <role-name>customers</role-name>
| </security-role>
|
2) My login.jsp page is just a standard j_security_check form with the fields
"j_username" and "j_password".
3) I'm using the standard JBoss login-config.xml, which defaults to the
application-policy of "other" (since I don't specify one in my WAR), which
uses users.properties and roles.properties for usernames and passwords and roles.
I've also reproduced this problem when I try to use a Database or LDAP server for user
authentication. So the authentication mechanism is probably not the issue. But using
properties-based authentication is the easiest way to reproduce this problem.
4) I set up a user with an English name and English password in
"users.properties" and "roles.properties". And I also set up a user
with a Russian name and Russian password in the same properties files. (Russian, or
Chinese, or any name and password that requires wide characters)
5) I run my site, and I try to access the protected page. The login page is displayed. I
can log in as the English user, but not the Russian user.
Does this help any? =)
If you need a JUnit test, I can see what I can come up with for that too.
Thanks!
Robert Pappas
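
An added example, not part of the original post: one way to check whether request-parameter decoding, rather than the login module, would explain steps 4 and 5. It assumes the browser submits the j_security_check form as UTF-8 and the container decodes the body as ISO-8859-1 when no request charset is set; the post confirms neither, and the user names and passwords below are constructed.

```python
from urllib.parse import urlencode, parse_qs

# Constructed sample credentials: one ASCII user, one Cyrillic user.
STORED_USERS = {"robert": "secret", "Иван": "пароль"}


def browser_post_body(username, password, page_charset="utf-8"):
    """Form body as a browser submits it from a page served in page_charset."""
    return urlencode({"j_username": username, "j_password": password},
                     encoding=page_charset)


def container_decode(body, request_charset):
    """Decode the POST body with the charset the container applies (assumed)."""
    fields = parse_qs(body, encoding=request_charset, errors="replace")
    return fields["j_username"][0], fields["j_password"][0]


def login(body, request_charset):
    """Return True when the decoded credentials match a stored user."""
    user, password = container_decode(body, request_charset)
    return STORED_USERS.get(user) == password


def diagnose(username, password):
    """Compare the login result under both decodings for one user."""
    body = browser_post_body(username, password)
    return {
        "body": body,                                   # bytes on the wire
        "iso-8859-1": login(body, "iso-8859-1"),        # assumed default
        "utf-8": login(body, "utf-8"),                  # matching charset
        "seen_as": container_decode(body, "iso-8859-1")[0],
    }


if __name__ == "__main__":
    for name, pw in STORED_USERS.items():
        print(diagnose(name, pw))
```

If the real server behaves like the "iso-8859-1" column, the user name reaching any login module (properties, database or LDAP) is already different from the stored one, which would match the observation that all three back ends fail the same way.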