Hi im just wondering how i could improve this to make it secure from either the jsp file itself or external java files.

<head><title>JSP Page</title></head>

<jsp:useBean id="user" scope="session" class="shop.UserBean" /> 
<jsp:useBean id="dataFactory" scope="session" class="data.factory" /> 
String userName = request.getParameter("userName");
String userPassword = request.getParameter("userPassword");
if (!user.getLogin()) { %> 
    <jsp:forward page="loginForm.jsp"/>

<jsp:forward page="orderForm.jsp" />

I too was actually looking for the same thing 2-3 days back as me too new to Java. You can have a look at JDBCrealm for Glassfish or Tomcat else an easier approach would be to use Authentication Filters :)

What "security" are you looking for here?
Is username/password not enough and you want something better?
Are you worried about credentials being transmitted in cleartext?
Are you worried about the way your credentials are stored in the database?
Or do you think something else isn't "secure enough"?