[jbossws-users] [JBossWS] - Web service security, how to filter client IP address?

I am using basic authentication (username, password) in my web services. So client have to authenticate to endpoint provider. But I would like to know, how to secure my web service endpoint servlet. I would like to allow connection only to clients with specified IP address. my web.xml | <!-- START WS authentication --> | <security-constraint> | <web-resource-collection> | <web-resource-name>All webservices</web-resource-name> | <url-pattern>/ws/*</url-pattern> | <http-method>POST</http-method> | </web-resource-collection> | <auth-constraint> | <role-name>wsrole</role-name> | </auth-constraint> | <user-data-constraint> | <transport-guarantee>NONE</transport-guarantee> | </user-data-constraint> | </security-constraint> | | <login-config> | <auth-method>BASIC</auth-method> | <realm-name>Security Realm</realm-name> | </login-config> | | <security-role> | <role-name>wsrole</role-name> | </security-role> | <!-- END WS authentication --> | | <servlet> | <servlet-name>BareEndpoint</servlet-name> | <servlet-class>hcp.service.BareEndpointBean</servlet-class> | </servlet> | | <servlet-mapping> | <servlet-name>BareEndpoint</servlet-name> | <url-pattern>/ws/bareservice</url-pattern> | </servlet-mapping> | I would like to use this kind of security to deny access to BareEndpoit servlet and only client(s) with specified IP can read wsdl from /ws/bareservice?wsdl address and call some endpoint actions. Thank you for some useful tips. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4162661#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...