It isn't specific to Websphere either, it's just a general question about Java security. So I will try an answer and move it to Java Advanced:
As I read the API documentation for the java.net.SocketPermission class, the "167.23.122.222" identifies a host computer. I don't see any place where it mentions it might be the name of a client computer, so I conclude that you can't use SocketPermission to restrict clients from connecting. Although that's kind of weak reasoning.
While googling this I found a document about Java security in
Tomcat. In the example it gave, there was this line:
Clearly this cannot mean that Tomcat can only accept connections from localhost, that would be nonsensical. So I think my conclusion is correct.
And since it isn't working the way you expected, maybe I'm right.
You might be able to use a firewall to do that, but that's a question about networking and not about Java.