Yes, the HTTP request object contains the IP and other information of the one making the request. You can define an approve list that accepts/rejects requests based on the user's input information. I recommend putting this list in a file so that you don't have to recompile the servlet if you add/remove users/machines.
You can use certificate-based authentication, where the user must have a certificate installed before being able to access the site, and the site will only accept requests from clients with the certificate. It doesn't get used much, so you may need to search for information.
If it really needs to be secured you can also look at solutions such as setting up a VPN and only allowing internal access to the site.
Thanks David, this sounds good. Do you have any link for me where I can get technical details/information about this procedure?
I don't have a book in front of me so I can't be certain, but I believe it is part of the J2EE spec and a topic in the SCWCD exam. It should be supported by servlet containers along with Basic and form-based authentication, but honestly I have never gone looking for it.
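The file-backed allow list suggested in the first reply, written as a servlet filter. This is an added example, not code from any poster in the thread; the class name `IpAllowListFilter`, the `allowListFile` init-param and the one-address-per-line file format are assumptions.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;

/** Rejects requests whose remote address is not listed in a text file (one IP per line). */
public class IpAllowListFilter implements Filter {
    private Path listFile;                       // from the assumed init-param "allowListFile"
    private volatile Set<String> allowed = new HashSet<>();
    private volatile long loadedAt = -1;         // file mtime at the last successful read

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        String p = cfg.getInitParameter("allowListFile");
        if (p == null) throw new ServletException("allowListFile init-param is required");
        listFile = Paths.get(p);
    }

    // Re-read the file only when its modification time changes, so edits to the
    // list take effect without recompiling or redeploying. A missing or unreadable
    // file throws IOException, so the request fails instead of being let through.
    private Set<String> current() throws IOException {
        long mtime = Files.getLastModifiedTime(listFile).toMillis();
        if (mtime != loadedAt) {
            Set<String> fresh = new HashSet<>();
            for (String line : Files.readAllLines(listFile, StandardCharsets.UTF_8)) {
                String s = line.trim();
                if (!s.isEmpty() && !s.startsWith("#")) fresh.add(s);  // skip blanks, comments
            }
            allowed = fresh;
            loadedAt = mtime;
        }
        return allowed;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // getRemoteAddr() is the TCP peer; behind a reverse proxy it is the proxy's address.
        if (current().contains(req.getRemoteAddr())) {
            chain.doFilter(req, res);
        } else {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }
    @Override public void destroy() { }
}
```

The filter is mapped in `web.xml` with a `<filter>` entry carrying the `allowListFile` init-param and a `<filter-mapping>` for the protected URL pattern.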