One of my colleague in QA team reported a bug to me, the bug said that can't change password to lowercase, otherwise login is rejected,using number or uppercase is all fine. The login system was implemented using acegi 1.0 (now called Spring Security).

This was a very strange bug,changing password is done by encrypting the user input string into MD5 string, I implemented this without using anything related acegi, I don't if the is the origin cause of the problem.

When the login is rejected, through debugging, I find that, the user input is converted into uppercase by acegi when passing to the acegi comparing logic. At first, I didn't believe this, when I checkout the acegi source and debugging with it, I find it does convert both username and password to uppercase (source code line 121), Can you tell me why it does this? This can cause password encoding mismatch!