Simple: don't. It's a massive security risk - you should not be able to recover passwords at all. To do that, you have to store the password in clear text, or encrypt it - and both are very bad! Instead, you should hash the password. There is some information on how to do it here:
Password Storage: How to do it.[
^] - it's in C# so it's probable that you will have to work out the Java equivalent, but it's pretty basic code so that shouldn't be too much of a problem.
When the users forgets his password, you email a random password to his registered email address. He then logs in using that, and you can let him change it to something he might remember.