Jersey web-service token based on hostname

Question

I recently built a RESTful service using Jersey and is currently used by 3 other systems internal to the network (not people).

How can I make sure the requests to the service are honored only based on hostname/IP address.
The service is local to the network and so Im not using HTTPS
Any opensource ideas/example code would be of great help.

Thanks

Maybe a firewall on the server itself? – smcg Jun 26 '12 at 17:18 — smcg, Jun 26 '12 at 17:18

score 0 · Answer 1 · answered Jun 14 '13 at 20:07

You could just write a simple Servlet Filter that extracts IP address from the request and accepts it or denies and terminates any further processing.

See an example - https://community.jboss.org/wiki/LimitAccessToCertainClients?_sscc=t

However i think that such kind of authentication should be done before the application - by an application server or a firewall.

score 0 · Accepted Answer · answered Jun 18 '15 at 22:15

There were a couple of suggestions and ideas that I tried. Eventually we decided to settle with Service based authentication. OAUTH2 was recommended by other experts and we implemented it successfully with Token based authentication using Referrer URLs and Scope. Thanks everyone for the suggestions.

Jersey web-service token based on hostname

2 Answers2