Spring - Allow only specific domain requests with out spring configuring spring security

Question

I am using Spring Boot 1.5.10, My project track specific request from specific domain. I am using some api which notify my application, if some event occurs.

My application will receive only from specific domains which that api belongs. Eg: https://console.developers.google.com/apis

I want to restrict my endpoints to get request from specific domains like above example.

My application don't need any security. So, i am not interested to spring security. So how i can restrict my application to accept requests only from specific domain.

@dur, I need programmatic solution. My Server is tomcat. Other applications also deployed on that. — user_27, Feb 22 '18 at 14:50
For Tomcat see https://stackoverflow.com/questions/3381531/tomcat-restrict-access-by-ip-address — dur, Feb 22 '18 at 14:54

score -1 · Answer 1 · answered Feb 23 '18 at 01:32

-1

You can use the @CrossOrigin annotation on you controller methods or on class level if you have controller level requirements.

For example if you use it as @CrossOrigin(origins = "http://localhost:9000") it will only allow requests from http://localhost:9000 domain.

You can check sample usage in below url: https://spring.io/guides/gs/rest-service-cors/

answered Feb 23 '18 at 01:32

FDirlikli

185
1
4

3

You answer is wrong: First, it only works with browser (with CORS enabled), not any other HTTP client. Second: It doesn't check the remote IP address, it checks the origin of client's source code. – dur Mar 22 '18 at 18:04

Spring - Allow only specific domain requests with out spring configuring spring security

1 Answers1