
Fixed support for lowercase usernames and passwords.

Ben Alex 21 лет назад
Сommit
3179f5f1e7

+ 17 - 3
core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java

@@ -110,14 +110,28 @@ public class DaoAuthenticationProvider implements AuthenticationProvider,
                 .getMessage());
         }
 
-        if (!user.isEnabled()) {
-            throw new DisabledException("User is disabled");
+        if ((!this.ignoreUsernameCase)
+            && (!user.getUsername().equals(authentication.getPrincipal()
+                                                         .toString()))) {
+            throw new BadCredentialsException("Bad credentials presented");
+        }
+
+        if (!user.getPassword().toLowerCase().equals(authentication.getCredentials()
+                                                                   .toString()
+                                                                   .toLowerCase())) {
+            throw new BadCredentialsException("Bad credentials presented");
         }
 
-        if (!user.getPassword().equals(authentication.getCredentials().toString())) {
+        if ((!this.ignorePasswordCase)
+            && (!user.getPassword().equals(authentication.getCredentials()
+                                                         .toString()))) {
             throw new BadCredentialsException("Bad credentials presented");
         }
 
+        if (!user.isEnabled()) {
+            throw new DisabledException("User is disabled");
+        }
+
         return new UsernamePasswordAuthenticationToken(user.getUsername(),
             user.getPassword(), user.getAuthorities());
     }
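Review bot: The case-insensitive password check `user.getPassword().toLowerCase().equals(...)` folds case with the JVM default locale, so whether two passwords match can depend on the server's locale (for example the Turkish dotted/dotless i); use `toLowerCase(Locale.ROOT)` on both sides or `equalsIgnoreCase`. Both password comparisons also use `String.equals`, which stops at the first differing character; `MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8), presented.getBytes(StandardCharsets.UTF_8))` would remove that timing signal. The declaration and default of `ignorePasswordCase` are outside this hunk; if it can be true by default, letter case no longer adds to password strength, so it should presumably default to false and carry a comment such as `// weakens credentials: enable only for legacy stores that cannot preserve case`. The enclosing method begins before the hunk, so null handling of `getPrincipal()` and `getCredentials()` cannot be judged from here.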