SSL should be configurable based on flag. Check if Apache Shiro fits the bill for securing the server.
