I guess that use case is not implemented in the IdentityManager, among other things.  I'm still trying to figure out how to list firstname and lastname of the User.  I can include it if I extend the userAction object and call editUser(username) but if I am just creating a list or view screen, it seems those attributes are inaccessible without going around the API to get to the underlying storage.

I really like the way it's structured, but it looks like there is a lot of additional work to do getting it implemented in a real application.  I'm not sure at this point if I want to actually try to use it, or just stick with plain JAAS.  Has anybody worked with the new SEAM credentials and JAAS?

We integrated Seam 2.1 security by extending identityManager where required.

Maybe we can go back to the topic!?
I have the same problem as Michael, I wan't that the user who changes his password has to enter the old password.

Yes I know I can load the user from my datasource to get the old password, but the really problem is that I need to grant him the seam.user:update permission...

Are there any solutions for this problem?
I think this use case will be very common...

Sure you can check the old password.  Use IdentityManager.authenticate().