(I only looked at MakeTransactionServlet and UMakeTransactions.jsp, other files should be similar).
Your model (DB), view (JSP) and controller (servlet) are not clearly separated.
Now it happens like this:

1. the servlet receives the request,
2. checks access rights,
3. if everything is OK, it executes the transaction according to the request parameters,
4. does sendRedirect on JSP
5. instead of HTML with results, the browser receives a response from the servlet: "HTTP 302, go see the JSP"
6. the browser asks the JSP server
7. JSP receives request
8. checks permissions (that's the responsibility of the servlet!)
9. makes a request to the database (it seems that here , I am superficially familiar with Hibernate) - this is also the responsibility of the servlet,
10. generates HTML with the result for the browser.

First of all, points 4-6 are redundant: the servlet should pass the request directly to the JSP, rather than asking the browser to make a second request to the JSP (more on that below).
Secondly, if you have a servlet, then only it should work with the database; there should not be direct access to the database from the JSP (since this is contrary to the MVC concept). Only the servlet should have access to the JSP, it must be denied direct access from the outside (this can be done by moving the JSP somewhere under WEB-INF). Then one check of access rights will be enough - in a servlet; and will not need a second request from the browser. Passing data from a servlet to a JSP can be done via request.setAttribute().
The theoretical background is described here in the "Integrating Servlets and JSP Pages" section, here is a brief summary:

The servlet acts as a controller responsible for processing requests and creating any beans needed by the JSP page. The controller is also responsible for deciding which JSP page to forward the request. The JSP page retrieves objects created by the servlet and extracts dynamic content for insertion within a template.

In general, of course, it would be nice to study the article in its entirety.
As a result, the process will look like this:

1. the servlet receives the request,
2. checks the rights
3. if the rights are OK, it executes the transaction,
4. get updated data from the database,
5. puts this data into a single object (or several objects, see "beans" in the quote above),
6. attaches this object to the request:

   request.setAttribute("resultsForJsp", bean)

7. and passes the request to the JSP:

   getServletContext().getRequestDispatcher("/WEB-INF/jsp/myView.jsp").forward(request, response)

   
   Unlike sendRedirect, forward simply forwards the request to another servlet/JSP for processing (keeping the request attributes set earlier); sendRedirect, on the other hand, returns an indication to the browser to request another address (request attributes are lost, only the session survives).
   The path /WEB-INF/...is available only to “friends” from inside the servlet container, the browser will not get there in any way - therefore, checking the incoming data (including access rights) is not needed: the servlet has already done it.
8. JSP receives a request with data ready to be shown,
9. generates HTML for the browser.

Also, try not to use scriptlets (<% java code %>) in JSP - this is considered bad manners, because:
1) it clogs HTML with Java code, and
2) often indicates the transfer of part of the controller (servlet) functions to the view (JSP ).
It's better to use JSTL instead of scriptlets .
For example, lines 45-52 of UMakeTransactions.jsp might look like this:

<c:forEach var='item' items='${resultsForJsp.items}'>
  <option value="<c:out value='${item.item_id}'/>"><c:out value='${item.item_name}'/>
</c:forEach>

Use maven (parent pom and children for sub-projects). Use spring. If you want to do something for the web, I advise Play! it will be easier to get started with it. Well, good luck!

1. As already advised - master maven2: split the project into modules with different responsibilities; move resources to resource folders, use jetty maven plugin to debug the entire web application, etc. etc. A lot of features and additional plugins for literally all occasions.
2. It is not necessary to store in SVN what can be generated from source codes - for example, Eclipse folders. Project files for any popular IDE can be generated from maven2 pom-s. Likewise with dependencies. maven2 will download the jars you need for you, put them in the WEB-INF/lib folder and build war. For information - maven.apache.org/guides/getting-started/index.html
3. Package naming. It's standard practice to create packages like com.mycompany.myproject.orm, com.mycompany.myproject.util, etc., don't be afraid to nest.
4. Naming class fields, user_id is a bad idea, use camel case everywhere. In general, learn and adhere to Java Code Conventions java.sun.com/docs/codeconv/CodeConventions.pdf
5. For a small test project, I recommend using an embeddable database instead of Oracle, such as HSQLDB

On the Downloads tab, only a JPG with a database schema and an archive with an sql script.
I didn't see J2EE there.

Well, just in case, I added WAR with sources.