You can do it to every app deployed to tomcat by adding this to the end of tomcat_dir/conf/web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<!-- auth-constraint goes here if you requre authentication -->
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
So you don’t have to change it on the web.xml of your webapp.
That should work, assuming you already have https working in another port (usually 443). If you don’t, make sure your tomcat_dir/conf/server.xml looks like this:
<!-- Default tomcat connector, changed the redirectPort from 8443 to 443 -->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
<!-- To make https work on port 443 -->
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
<SSLHostConfig>
<Certificate certificateKeyFile="/your/own/privkey.pem"
certificateFile="/eyour/own/cert.pem"
certificateChainFile="/your/own/chain.pem"
type="RSA" />
</SSLHostConfig>
</Connector>