There are two aspects to look at here - Security and the Web Application.
But in terms of the JSP itself and how it might look like, specifically the links to the secure files.
Web Application - Your JSP remains the same just like you do for HTTP (e.g <href> to point to pdf). The only difference is that now the links contains https (https://www.example.com) instead of http (http://www.example.com) So, what makes this file transfer secure ?
Security - There are many ways to secure the file transfer between the client and server. Your use case suggests that the file transfer is for public user over internet. In this case HTTPS may be used. The SSl certificates on your web application server ensures that the communication between the client - user and the server is secure.
You might have a quick look at these links to get a feel of https and ssl.