1

I have a service running in spring-boot with embedded tomcat.

Two different url endpoints on the same port, like

@RequestMapping("/endpointExternal")

@RequestMapping("/endpointInternal")

Only the first should be reachable on the external interface, while the other should only be reachable from localhost.

Is that possible to configure somehow?

Rop
  • 3,359
  • 3
  • 38
  • 59
  • I think this can only be achieved by providing two separate Tomcat instances. – Marged Apr 24 '17 at 17:20
  • But is it then possible for two different spring-boot apps to listen on the same port? How? – Rop Apr 24 '17 at 17:28
  • Or do you mean two tomcat-instances on the same port in the same app? Is that possible? – Rop Apr 24 '17 at 17:29
  • 1
    Autowiring the request object will give you access to the remote address used. You could check for `localhost` and `127.0.0.1`. See http://stackoverflow.com/questions/29910074/how-to-get-client-ip-address-in-java-httpservletrequest – Hannes Apr 24 '17 at 17:33
  • 2
    You can use Spring Security to add that protection. – M. Deinum Apr 24 '17 at 17:44
  • @M.Deinum --- Cool! I'll see if I can google that up.... :) – Rop Apr 24 '17 at 17:47
  • 1
    Something like `@PreAuthorize("hasIpAddress('range-allowed-access')"` ont that method (or the URL if you want to block the URL already).... – M. Deinum Apr 24 '17 at 17:48
  • Do you use physically separated network interfaces vor just separate IP ranges ? Is it your goal to increase security ? If yes then you should consider that IP addresses can be spoofed – Marged Apr 24 '17 at 18:29

0 Answers0