The primary point would be for the game-client to be able to get Player-entities and highscores from the database using the Java-server for querying.
I've worked with JDBC and Apache at my school, using just Socket and ServerSocket in the client and server respectively. Would this approach be recommendable? I don't mind writing the raw SQL since there won't be many different calls anyway, so I'm in no need for a wrapper at this time. I'm more interested in possible security flaws in this approach.
I just implemented a http based highscore server with the standard classes HttpServer, HttpHandler, HttpURLConnection and the like.
Advantage is to run it on port 80, letting an Apache web server filter and forward appropriate requests to the Java side.
URL query encryption is easy to do as well.