Just a quick tip, here is how you force your webapp to be served in HTTPS only. Open your web.xml file and add this security constraint

<security-constraint>
<web-resource-collection>
<web-resource-name>MyApp</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

Follow me on twitter @rasensio