Friday, January 20, 2012

IP request filtering in JBoss and Tomcat

I just needed to allow only particular IPs to have access to a servlet or web app and was somehow surprised IP filtering of requests is not part of the standards. The portable way of doing so is to write a custom filter [1] [2] but this is not something I want to bother with.
Fortunately JBoss AS has this capability OOB being based on Apache Tomcat which has a valve to help with that [3]. update: Wildfly, the JBoss AS new name will be using undertow as the servlet and web server engine so this won't work on it.

In short you can create a file WEB-INF/context.xml for JBoss or see docs [4] for Tomcat with content like:

<?xml version="1.0" encoding="UTF-8"?>
<Valve className="org.apache.catalina.valves.RemoteAddrValve"

[3] - I've started here and saved me lots of time