This is a servlet to accept a username and current and new passwords through a form on a web page and change the user's entry in a password file otherwise maintained with htpasswd for basic authentication in a .htaccess file.
The source is available below. Paths and patterns must be configured in web.xml. The servlet must be installed as sketched in server.xml.
This means the servlet must be able to read and write the password files. This is not a security problem because the password files need not be visible from the Apache web server. Alternatively, htupdate could be changed to perform file management and suid-ed.