How about adding a security-constraint for that ActionForward in your deployment descriptor. For example, if your "doSigninAction" needs to forward the authenticated user to a forward like:
And you want that destination to be https, then first you'll need the forward to be a redirect (this way the https connection is between the client and the server running through all defined security constraints):
Then in your web.xml add:
Now requests attempting to access
http://myserver/members/* will be automatically tranformed to
https://myserver/members/* Make sure you have a SSL connector configured in your container to handle https connections properly.
HTH,
--
Josh