First, let's discuss IDE, ORM, and security, and DB: In my opinion, the best Java IDE is IntelliJ IDEA. It's from the same folks who have developed Resharper for Visual Studio. It has the most powerful editor of all Java IDEs and has built-in support for many popular Java frameworks.
ORM: The most powerful ORM library in Java is Hibernate. Hibernate itself is an implementation of Java Persistence API (JPA) standard. EclipseLink is another implementation of JPA, but Hibernate is a better option IMO.
Security: Spring Security is probably the most powerful security (authentication and authorization) framework available in the Java world.
DB: If you are comfortable with SQL Server, then keep on using that. However don't use Microsoft's JDBC drivers. Instead use a driver from DataDirect: http://web.datadirect.com/products/jdbc/index.html. If you don't want to use SQL Server, MySQL is a great FOSS choice and Oracle, DB2, etc. are other options.
For the Web framework, there are several options:
Option 1: If you want a RAD style framework, choose Grails. Grails is similar to Ruby on Rails but uses JVM and a Java-like but dynamic language named Groovy. Grails' ORM API is called GORM, which is built on top of Hibernate, but is much easier to use. Grails also uses Spring Security for managing security.
Option 2: If you want an enterprise-grade framework, choose JBoss Seam + JavaServer Faces. JSF is a component-based MVC framework, and there are plenty of great JSF libraries available for use: RichFaces, OpenFaces, etc. Seam integrates JSF with EJB and together they make a great enterprise framework. However it has a steep learning curve.
Option 3: Use Spring + SpringMVC + JPA.
Option 4: Use Struts 2 .
Final remarks: If you are looking for an easy-to-learn MVC + ORM framework, use Struts 2 + JPA. If you are looking for a RAD and easy-to-use MVC + ORM framework, use Grails. If you are looking for a robust and enterprise-grade (but not-easy-to-learn) framework, use JBoss Seam.