Here's what I've found so far. This is assuming that the vCO installation is a real JBoss installation and doesn't just look like one.
In the web.xml file create the following:
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Context</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<!-- auth-constraint goes here if you requre authentication -->
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
This should force all connections through the https port. Now, if I can just find the web.xml file to see if I can add this.