I am trying to implement security by retrieving user and roles from database. With the help of people from this forum i have managed most of the steps. right now. When i try to go in in a get the following exception:

org.hibernate.hql.ast.QuerySyntaxException: unexpected token: form near line 1, column 10 [select u form user u where u.username = 'giannisapi']
org.hibernate.hql.ast.QuerySyntaxException.convert(QuerySyntaxException.java:31)
org.hibernate.hql.ast.QuerySyntaxException.convert(QuerySyntaxException.java:24)
org.hibernate.hql.ast.ErrorCounter.throwQueryException(ErrorCounter.java:59)
org.hibernate.hql.ast.QueryTranslatorImpl.parse(QueryTranslatorImpl.java:258)
org.hibernate.hql.ast.QueryTranslatorImpl.doCompile(QueryTranslatorImpl.java:157)
org.hibernate.hql.ast.QueryTranslatorImpl.compile(QueryTranslatorImpl.java:111)
org.hibernate.engine.query.HQLQueryPlan.<init>(HQLQueryPlan.java:77)
org.hibernate.engine.query.HQLQueryPlan.<init>(HQLQueryPlan.java:56)
org.hibernate.engine.query.QueryPlanCache.getHQLQueryPlan(QueryPlanCache.java:72)
org.hibernate.impl.AbstractSessionImpl.getHQLQueryPlan(AbstractSessionImpl.java:133)
org.hibernate.impl.AbstractSessionImpl.createQuery(AbstractSessionImpl.java:112)
org.hibernate.impl.SessionImpl.createQuery(SessionImpl.java:1623)
org.intan.pedigree.dao.UserEntityDAOImpl.findByName(UserEntityDAOImpl.java:24)
org.intan.pedigree.service.UserDetailsServiceImpl.loadUserByUsername(UserDetailsServiceImpl.java:27)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:309)
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
$Proxy296.loadUserByUsername(Unknown Source)
org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:86)
org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:129)
org.springframework.security.authentication.ProviderManager.doAuthentication(ProviderManager.java:130)
org.springframework.security.authentication.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:48)
org.springframework.security.authentication.ProviderManager.doAuthentication(ProviderManager.java:148)
org.springframework.security.authentication.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:48)
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:97)
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:169)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)

my applicationContext-security looks like:

    <beans:bean id="userDetailsService" class="org.intan.pedigree.service.UserDetailsServiceImpl"></beans:bean>
<context:component-scan base-package="org.intan.pedigree" />
<http auto-config='true'>
    <intercept-url pattern="/**" access="ROLE_USER" />
</http>

 <beans:bean id="daoAuthenticationProvider"
    class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <beans:property name="userDetailsService" ref="userDetailsService" />
</beans:bean>

<beans:bean id="authenticationManager"
    class="org.springframework.security.authentication.ProviderManager">
    <beans:property name="providers">
        <beans:list>
            <beans:ref local="daoAuthenticationProvider" />
        </beans:list>
    </beans:property>
</beans:bean>


<authentication-manager>
    <authentication-provider user-service-ref="userDetailsService">
        <password-encoder hash="plaintext" />
    </authentication-provider>
</authentication-manager>

my userdetailsserviceimpl is:

    @Service("userDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService {

    @Autowired
    private UserEntityDAO dao;
    @Autowired
    private Assembler assembler;

    @Transactional(readOnly = true)
    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException, DataAccessException {

        UserDetails userDetails = null;
        UserEntity userEntity = dao.findByName(username);
         if (userEntity == null)
              throw new UsernameNotFoundException("user not found");

        return  assembler.buildUserFromUserEntity(userEntity);
    }
}

my assembler for making a an object of spring user is:

    @Service("assembler")
public class Assembler {

  @Transactional(readOnly = true)
  User buildUserFromUserEntity(UserEntity userEntity) {

    String username = userEntity.getUsername();
    String password = userEntity.getPassword();
    boolean enabled = userEntity.isActive();
    boolean accountNonExpired = userEntity.isActive();
    boolean credentialsNonExpired = userEntity.isActive();
    boolean accountNonLocked = userEntity.isActive();
    Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
    for (SecurityRoleEntity role : userEntity.getUserSecurityRoleEntity()) {
      authorities.add(new GrantedAuthorityImpl(role.getName()));
    }

    User user = new User(username, password, enabled,
      accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
    return user;
  }
}

my userentitydaoimpl is:

    @Repository
public class UserEntityDAOImpl implements UserEntityDAO{

    @Autowired
    private SessionFactory sessionFactory;

    public void addUserEntity(UserEntity user) {
        try {
        sessionFactory.getCurrentSession().save(user);
        } catch (Exception e) {
            System.out.println(e);
        }
    }

    public UserEntity findByName(String username) {
        UserEntity user = (UserEntity) sessionFactory.getCurrentSession().createQuery(
                "select u form user u where u.username = '" + username + "'");
        return user;

    }

    public UserEntity getUserEntityByID(Integer id) {
        UserEntity user = (UserEntity) sessionFactory.getCurrentSession().createQuery(
                "select u form user u where id = '" + id + "'");
        return user;
    }
    public void updateUserEntity(UserEntity user) {
        try {
        sessionFactory.getCurrentSession().update(user);
        } catch (Exception e) {
            System.out.println(e);
        }
    }

    public List<UserEntity> listUserEntity() {

        return sessionFactory.getCurrentSession().createQuery("from User")
                .list();
    }

    public void removeUserEntity(Integer id) {
        UserEntity user = (UserEntity) sessionFactory.getCurrentSession().load(
                UserEntity.class, id);
        if (null != user) {
            sessionFactory.getCurrentSession().delete(user);
        }

    }
}

and my userentity that matches to the database is::

    package org.intan.pedigree.form;

import java.util.Date;
import java.util.HashSet;
import java.util.Set;

import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.OneToMany;
import javax.persistence.Table;
import javax.validation.constraints.NotNull;
@Entity
@Table(name="user")
public class UserEntity {

    @Id
    @GeneratedValue
    @Column(name="ID")
    private int id;
    @Column(name="first_name")
    private String first_name;
    @Column(name="family_name")
    private String last_name;
    @Column(name="dob")
    private Date dob;
    @Column(name="password")
    private String password;
    @Column(name="username")
    private String username;
    @Column(name="active")
        @NotNull
    private boolean isActive;
    @Column(name="user_types_id")
    private int user_types_id;
    @Column(name="confirm_password")
    public String confirmPassword;
    @OneToMany(cascade = CascadeType.ALL)
    @JoinTable(name = "user_address", joinColumns = { @JoinColumn(name = "user_id") },
            inverseJoinColumns = { @JoinColumn(name = "address_id") })
    private Set<Address> userAddress = new HashSet<Address>(0);
    /*******************************************************************************/
    @OneToMany(cascade = CascadeType.ALL)
    @JoinTable(name = "user_security_role", joinColumns = { @JoinColumn(name = "user_id") },
            inverseJoinColumns = { @JoinColumn(name = "security_role_id") })
    private Set<SecurityRoleEntity> userSecurityRoleEntity = new HashSet<SecurityRoleEntity>(0);

    public Set<Address> getUserAddress(){
        return this.userAddress;
    }

    public void setUserAddress(Set<Address> userAddress) {
        this.userAddress = userAddress;
    }
    /*****************************************************************************/

    public Set<SecurityRoleEntity> getUserSecurityRoleEntity(){
        return this.userSecurityRoleEntity;
    }

    public void setUserSecurityRoleEntity(Set<SecurityRoleEntity> userSecurityRoleEntity) {
        this.userSecurityRoleEntity = userSecurityRoleEntity;
    }


    public boolean isActive() {
        return isActive;
    }

    public void setActive(boolean isActive) {
        this.isActive = isActive;
    }

    public String getConfirmPassword() {
        return confirmPassword;
    }
    public void setConfirmPassword(String confirmPassword) {
        this.confirmPassword = confirmPassword;
    }
    public int getId() {
        return id;
    }
    public void setId(int id) {
        this.id = id;
    }
    public String getFirst_name() {
        return first_name;
    }
    public void setFirst_name(String first_name) {
        this.first_name = first_name;
    }
    public String getLast_name() {
        return last_name;
    }
    public void setLast_name(String last_name) {
        this.last_name = last_name;
    }
    public Date getDob() {
        return dob;
    }
    public void setDob(Date dob) {
        this.dob = dob;
    }
    public String getPassword() {
        return password;
    }
    public void setPassword(String password) {
        this.password = password;
    }
    public String getUsername() {
        return username;
    }
    public void setUsername(String username) {
        this.username = username;
    }
    public int getUser_types_id() {
        return user_types_id;
    }
    public void setUser_types_id(int user_types_id) {
        this.user_types_id = user_types_id;
    }


}

do you guys happen to have met this error before?

thanks in advance