Case closed.
I setup an "unsecure region" using "security-constraint" at "web.xml" and got what I wanted at first place.
In fact, besides enabling SSL for all web services, I needed one resource to be accessible directly (used by the client installer to verify if the server is on provided IP), so I've created an unsecure region and put a dummy file on it.