Contrary to the declarative approach (see the previous recipe in this chapter), here we are using code to validate the user. We've done it by implementing the IdentityStore interface.
For example, even though we've hardcoded the password, you can use the same piece of code to validate the password against a database, LDAP, an external endpoint, and many more:
if (usernamePasswordCredential.getCaller().equals(Roles.ADMIN) && usernamePasswordCredential.getPassword().compareTo("1234")) { return new CredentialValidationResult( new CallerPrincipal(usernamePasswordCredential .getCaller()), new HashSet<>(asList(Roles.ADMIN))); } else if (usernamePasswordCredential.getCaller() .equals(Roles.USER) && usernamePasswordCredential. ...