if you want to use only https connection you have to add following security to your web.xml file:

<security-constraint>
        <web-resource-collection>
            <web-resource-name>YourApplication</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>