I have a gwt 2.1 app with Spring-security(3.0.5) providing security for the app. I'm also using Hibernate 3.5.0 for persisting the data from the db.

Now there is a very weird problem that I have. The authentication only works if the user's password matches their username. for exampel if a user has the username 'user' then the password has to be 'user' for it to authenticate. If a user's password is different from their username, it spews out this error.

Code:
[DEBUG] [btpool0-0 06:58:39] (ProviderManager.java:doAuthentication:127) Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
Hibernate: select user0_.id as id0_, user0_.accountNonExpired as accountN2_0_, user0_.accountNonLocked as accountN3_0_, user0_.credentialsNonExpired as credenti4_0_, user0_.enabled as enabled0_, user0_.first_name as first6_0_, user0_.other_names as other7_0_, user0_.password as password0_, user0_.phone as phone0_, user0_.username as username0_, user0_.zone_id as zone11_0_ from users user0_ where user0_.username=?
[DEBUG] [btpool0-0 06:58:40] (DaoAuthenticationProvider.java:additionalAuthenticationChecks:69) Authentication failed: password does not match stored value
[DEBUG] [btpool0-0 06:58:40] (AbstractAuthenticationProcessingFilter.java:unsuccessfulAuthentication:318) Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
[DEBUG] [btpool0-0 06:58:40] (AbstractAuthenticationProcessingFilter.java:unsuccessfulAuthentication:319) Updated SecurityContextHolder to contain null Authentication
This is an excerpt of my applicationContext.xml
Code:
	<beans:bean id="userDetailsService"
		class="com.scarab.precisionWeb.server.auth.UserDetailsServiceImpl">
	</beans:bean>
	
	<beans:bean id="daoAuthenticationProvider"
 class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
  <beans:property name="userDetailsService" ref="userDetailsService"/>
</beans:bean>

<beans:bean id="authenticationManager"
    class="org.springframework.security.authentication.ProviderManager">
  <beans:property name="providers">
    <beans:list>
      <beans:ref local="daoAuthenticationProvider" />
    </beans:list>
  </beans:property>
</beans:bean>

<authentication-manager>
  <authentication-provider user-service-ref="userDetailsService">
    <!-- password-encoder hash="md5"/ -->
  </authentication-provider>
</authentication-manager>
this is my UserDetailsService implementation class
Code:
@Service("userDetailsService")
@Transactional
public class UserDetailsServiceImpl implements UserDetailsService {

	@Autowired public UserDao dao;

	public UserDetails loadUserByUsername(String username)
			throws UsernameNotFoundException, DataAccessException {
		User userEntity = dao.findByUsername(username);
		if (userEntity == null) {
			throw new UsernameNotFoundException("User not found");
		} else {
			String name = userEntity.getUsername();
			String password = userEntity.getPassword();
			boolean enabled = userEntity.isEnabled();
			boolean accountNonExpired = userEntity.isEnabled();
			boolean credentialsNonExpired = userEntity.isEnabled();
			boolean accountNonLocked = userEntity.isEnabled();
			
			

			List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
			authorities.add(new GrantedAuthorityImpl("ROLE_USER"));

			return new User(authorities, name, password, enabled,
					accountNonExpired, credentialsNonExpired, accountNonLocked);
		}
	}
}
and my RPC authentication server class
Code:
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import com.google.gwt.user.server.rpc.RemoteServiceServlet;
import com.scarab.precisionWeb.client.AuthService;



@SuppressWarnings("serial")
public class AuthServiceImpl extends RemoteServiceServlet implements AuthService {

	@Override
	public String retrieveUsername() {		
		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
		
		if (authentication==null) {
			System.out.println("Not logged in");
			return null;
		}
		else {
			return (String) authentication.getPrincipal();
		}
		
	}
	
}
The reason as to why it only allows authentication to users where their username and password match is still a mystery to me. Where I'm I going wrong. Help is highly appreciated.