diff --git a/source/java/org/alfresco/repo/security/authority/AuthorityDAOImpl.java b/source/java/org/alfresco/repo/security/authority/AuthorityDAOImpl.java
index 81e9c56299..a29b573207 100644
--- a/source/java/org/alfresco/repo/security/authority/AuthorityDAOImpl.java
+++ b/source/java/org/alfresco/repo/security/authority/AuthorityDAOImpl.java
@@ -315,7 +315,7 @@ public class AuthorityDAOImpl implements AuthorityDAO, NodeServicePolicies.Befor
                 query.append(" AND @").append(
                         LuceneQueryParser.escape("{" + ContentModel.PROP_USERNAME.getNamespaceURI() + "}"
                                 + ISO9075.encode(ContentModel.PROP_USERNAME.getLocalName()))).append(":\"").append(
-                        displayNamePattern).append("\"");
+                                        LuceneQueryParser.escape(displayNamePattern)).append("\"");
 
             }
             if (type == null)
@@ -334,16 +334,16 @@ public class AuthorityDAOImpl implements AuthorityDAO, NodeServicePolicies.Befor
                 // Allow for the appropriate type prefix in the authority name
                 if (type == null && !displayNamePattern.startsWith("*"))
                 {
-                    query.append("*").append(displayNamePattern);
+                    query.append("*").append(LuceneQueryParser.escape(displayNamePattern));
                 }
                 else
                 {
-                    query.append(getName(type, displayNamePattern));
+                    query.append(getName(type, LuceneQueryParser.escape(displayNamePattern)));
                 }
                 query.append("\" OR @").append(
                         LuceneQueryParser.escape("{" + ContentModel.PROP_AUTHORITY_DISPLAY_NAME.getNamespaceURI() + "}"
                                 + ISO9075.encode(ContentModel.PROP_AUTHORITY_DISPLAY_NAME.getLocalName()))).append(
-                        ":\"").append(displayNamePattern).append("\")");
+                        ":\"").append(LuceneQueryParser.escape(displayNamePattern)).append("\")");
             }
             if (type == null)
             {
diff --git a/source/java/org/alfresco/repo/security/authority/AuthorityServiceTest.java b/source/java/org/alfresco/repo/security/authority/AuthorityServiceTest.java
index da2fcd82ba..4ec92b705f 100644
--- a/source/java/org/alfresco/repo/security/authority/AuthorityServiceTest.java
+++ b/source/java/org/alfresco/repo/security/authority/AuthorityServiceTest.java
@@ -239,6 +239,13 @@ public class AuthorityServiceTest extends TestCase
         assertEquals(1, pubAuthorityService.getAllRootAuthoritiesInZone("Three", AuthorityType.GROUP).size());
     }
 
+    public void test_ETWOTWO_400()
+    {
+        String auth = pubAuthorityService.createAuthority(AuthorityType.GROUP, "wo\"of");
+        Set<String> authorities = pubAuthorityService.findAuthorities(AuthorityType.GROUP, null, true, "wo\"of*", AuthorityService.ZONE_APP_DEFAULT);
+        assertEquals(1, authorities.size());
+    }
+    
     public void testGroupWildcards()
     {
         long before, after;