@Inject
IdentitySession identitySession;
public String changePassword() throws IdentityException {
if (!identitySession.getAttributesManager().validateCredentials(identity.getUser(),
new Credential[]{new PasswordCredential(oldPassword)})) {
// TODO add a message
return "failed";
}