I'm creating a webpage which will have a sign-in page.
but I'm not sure how to configure or do what ever is needed to have tomcat use https: over regular http: so
the users password and username are not listed in the url for all to see.
Any help on this will be greatly appreciated.
Thanks.
https will not hide anything that's on the URL; it will still be displayed for all to see. What SSL will do is to encrypt the value during transmission.
Why aren't you using a POST so that the values aren't on the URL?
That way SSL will protect the values during tansmission, and no one standing over your shoulder can see the values in the address bar of the browser.