I am using HttpServletRequest.login() method provided by servlet 3.0 in a Java EE-container (jdbc-realm) and all works fine.
According to this [Java EE 6: How to implement "Stay Logged In" when user login in to the web application, I have implemented a remember-me-method.
However I stuck with the following in the filter-class:
if (user != null) {
request.login(user.getUsername(), user.getPassword());
request.getSession().setAttribute("user", user); // Login.
addCookie(response, COOKIE_NAME, uuid, COOKIE_AGE); // Extends age.
}.
I have a jdbc-realm with encrypted pw, how can I make the container-managed-authentication via rememberMe? user.getPassword() needs the clear (unhashed) pw which I cannot know! I do not want to store clear passwords in the db.
If the ready-use login module that you use only accepts the clear (unhashed) password, then you probably would need to modify it, and then install that modified version.
Your existing JDBC-realm most likely has a vendor specific login module, but Java EE 6 does have a standardized dedicated API for building login modules (auth modules), which is called JASPIC. See this article for some background.
Incidentally for a OmniFaces sub-project called OmniSecurity we have been prototyping a JASPIC auth module which also supports remember me. It's open source so you could use it for inspiration.