authbind, privbind or iptables REDIRECT (port 80 to 8080)?
Solution 1:
I use NAT all the time in production. While it is more commonly used to translate between intranet and Internet, it can be perfectly acceptable to use it this way as well. I've done similar for an almost identical situation. With that being said, there are other options.
Application servers and Web servers often run together, as such it makes sense to keep Java on 8080 and 8443 internally. More often, people would probably use Apache as the proxy to translate certain requests to Java and serve static content from the Apache instance. I understand that you find this solution unacceptable to you but it must be said.
If this does not cover your questions, feel free to expound and I will iterate further.
Edit 1
You're welcome. NAT won't affect https' normal operation, it will work fine.
I can't imagine why you would be worried about other non-privileged users binding to 8080. Is there something unique to your situation?