How can I restrict access to certain URLs by source IP in Tomcat?

security jakarta-ee tomcat tomcat6 access-control
Randeep picture Randeep · May 8, 2012 · Viewed 52.6k times · Source

I want to restrict access to certain URLs in my Tomcat webapp. Only 3 known IP addresses should be allowed access to URLs that fit a certain pattern.

e.g. http://example.com:1234/abc/personId

How can I achieve this?

Answer

Mark Thomas picture Mark Thomas · May 8, 2012

Use org.apache.catalina.filters.RemoteAddrFilter and map it to the URL you wish to protect. See http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#Remote_Address_Filter for configuration details.

Related questions

HttpServletRequest.getRemoteUser() vs HttpServletRequest.getUserPrincipal().getName()

These two seem to be doing the same things. Can anyone explain the main difference between the two? When would you use one vs the other? HttpServletRequest.getRemoteUser() HttpServletRequest.getUserPrincipal().getName()

Read More
How to properly logout of a Java EE 6 Web Application after logging in

A pretty simple requirement. After logging into web J2EE 6 application, how can I have the user logout again? Most (all?) the books and tutorials I have seen show how to add a login/loginerror page to their application and …

Read More
Glassfish 3 security - Form based authentication using a JDBC Realm

I want to understand form based security and JDBC realms with glassfishV3, so i decided to create a little app that just allows to sign in and out, i followed the instructions from this book to do so. I understand …

Read More