I've just spent the whole weekend trying to get apache+php+ssl going on windows and still couldn't get it done til i tried out this product. Got it going in 5 seconds. wow.

How can I specify that everything in the root be https ? Also, how can I setup password protected folders in the web site's root folder?

Last question. Will Tomcat work with this setup? I need to support jsp pages.

If it does not requre any 3rd party apache modules it will work smoothly. If it does you have to compile them from the sources using EAPI (see mod_ssl site for details).

If you want to disable non-https site you may want to comment out non-https virtual hosts. See httpd.conf. Please note that with host-based virtual hosts you can run only one HTTPS site. This limitation is because of mod_ssl itself. See their site for the details.

Password protected folders can be set up easily. See admin area which requires password. See statements like below in the conf:
AuthType Basic
AuthName "Admin Site Access"
AuthUserFile "logs/passwd_tp"
Require user adminmaster