Type: Feature Request
Resolution: Unresolved
Priority: Major
Using a case-insensitive resource manager or servlet mappings makes it nearly impossible to use path(), path-prefix() or path-suffix() for any sort of security.
path-prefix( /admin ) -> response-code( 401 )
as an attacker can simply upper-case a letter in the URL such as /Admin and now the predicate no longer matches. This requires me to use regex() predicates for nearly anything. Both path() and path-prefix() use the same `PathMatcher` class. path-suffix() just uses String.endsWith().
It should be fairly easy to adopt these mechanisms to have a case-insensitive version. The question then becomes if the predicate syntax should change to this:
path-prefix( path="/admin", case-sensitive=false );
or...
path-prefix-nocase( /admin )
I realize there is precedent for the first option in the regex() predicate, but I'm a fan of the second option as it's easier to type and easier to read.
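The mismatch described above, as an added illustration that is not part of the issue and not Undertow's own code: a simplified, segment-aware model of path-prefix() is evaluated against a constructed case-insensitive resource manager, once with exact-case matching, once with case folding, and once with the regex() workaround the request mentions. The sample requests, the resource table and the helper names (`prefix_match`, `evaluate`, `bypasses`) are all assumptions made for the example; the matcher is a simplification, not a port of `PathMatcher`.

```python
import re

# Constructed sample requests used as input; they are not taken from the issue.
REQUESTS = ["/admin", "/Admin", "/ADMIN/users", "/administrator", "/public/index.html"]

# Constructed stand-in for a case-insensitive resource manager: it resolves
# every request by lower-casing the path, so /Admin and /admin are the same file.
RESOURCES = {
    "/admin": "admin-console",
    "/admin/users": "user-list",
    "/public/index.html": "landing-page",
}


def resolve_case_insensitive(path):
    """Look the path up the way a case-insensitive backend would."""
    return RESOURCES.get(path.lower())


def prefix_match(prefix, path, case_sensitive=True):
    """Segment-aware prefix check: '/admin' matches '/admin' and '/admin/...'
    but not '/administrator'. Simplified model of path-prefix(), not PathMatcher."""
    if not case_sensitive:
        prefix, path = prefix.lower(), path.lower()
    return path == prefix or path.startswith(prefix + "/")


def regex_nocase(pattern):
    """Case-folded regular-expression predicate, the workaround the issue resorts to."""
    compiled = re.compile(pattern, re.IGNORECASE)
    return lambda path: compiled.match(path) is not None


def evaluate(requests, is_protected):
    """Map each request to 'denied' (the 401 branch) or to the resource actually served."""
    outcome = {}
    for path in requests:
        if is_protected(path):
            outcome[path] = "denied"
        else:
            outcome[path] = resolve_case_insensitive(path) or "not-found"
    return outcome


def bypasses(outcomes, prefix="/admin"):
    """Requests that reached a resource under the protected prefix without being denied:
    the gap a case-sensitive predicate leaves in front of a case-insensitive backend."""
    return sorted(
        path
        for path, served in outcomes.items()
        if served not in ("denied", "not-found")
        and prefix_match(prefix, path, case_sensitive=False)
    )


if __name__ == "__main__":
    sensitive = evaluate(REQUESTS, lambda p: prefix_match("/admin", p))
    folded = evaluate(REQUESTS, lambda p: prefix_match("/admin", p, case_sensitive=False))
    regex = evaluate(REQUESTS, regex_nocase(r"^/admin(/.*)?$"))
    print("case-sensitive prefix, bypasses:", bypasses(sensitive))
    print("case-folded prefix,   bypasses:", bypasses(folded))
    print("regex() nocase,       bypasses:", bypasses(regex))
```

Running it lists /Admin and /ADMIN/users as served under the exact-case predicate and nothing under either case-folded variant, which is the point of the request: the predicate has to fold case exactly as the resource manager does, whichever spelling of the predicate syntax is chosen.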