OK, so you're talking about form-based authentication. Any decent servlet/JSP tutorial/book covers that. You'll also need to consult the documentation of whichever
servlet container you're using on how to enable SSL.
You can use the HttpServletRequest.isSecure method to find out whether a request came through a secure channel, and take appropriate action if it didn't. If you want to require the use of SSL for certain parts of the web app, that can be configured in the web.xml file.