With a line of java code this should be solved easily:
Core.authenticate(Core.createSystemContext(), user, this.password);
pass the username and entered password to the java action and return the result of the line above.
If the scenario is that the manager approves of something at the technician's computer, while the technician is logged in, be aware that the default implementation of this is HORRIBLY insecure: a technician can open the dev tools in his browser, and see the account name and password of the manager! From then on, he can then simply log in as manager. Furthermore, with password reuse being a thing, the manager probably has the same password for this application as many other accounts/applications in the organization!
A far better solution would be to use account name and one time tokens, e.g. from the Google Authenticator app.