Securing the Web Service Request

Hi
I have web service deployed on Apache Tomcat server on windows Server.
Is it possible to restrict the access by web application in tomcat.
For example:
app1:-Webservice1
app2:-transcation

I want to restrict the app1 to accept request from on specific IP address

app2 to global

I am able to restrict the specific IP address the process the request from server.xml in tomcat .

<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="10\.0\.0\.0" />

How can I do by Context. Please help

Thanks
Padma

Did you try defining a separate context and apply the Valve configuration [1]?

Welcome to the JavaRanch, Padma!

Using a different IP address is no real security. If an unfriendly person can get to any IP address, that address can be attacked. J2EE defines a true security system and I suggest studying that.

If you actually have a practical need for different virtual hosts at different IP addresses, you have to have a deeper understanding of how Tomcat is assembled from its components. Tomcat's primary elements are Servers, Hosts, and Engines. Connector elements define which IP address(es) a given host will listen to and thus process.

In practice, any site that is complex enough to need multiple virtual hosts often needs to be able to present both J2EE and non-J2EE webapps (such as PHP or Django) and a better solution is to define them all to a front-end server such as Apache. Apache can then tunnel the JEE-specific requests to one or more Tomcat server/app combinations. Apache is also more secure as a web-facing system since it doesn't require elevated privileges to listen to standard ports 80 and 8443 the way Tomcat does.