Issue
There is a Spring Boot app running on a host; it exposes a number of REST endpoints. One of these endpoints is providing sensitive information.
On the same host resides a client app, over which I have no control.
1 - Is there any way, using Spring Security, to limit access to the endpoint in question based on the client's port?
I cannot change anything in the client app, since it is a 3rd party app.
2 - Is there any other way to limit access based on ports, like iptables rules?
Solution
No, it seems it is not possible to limit access to an endpoint based on the port of the caller using only Spring Security.
1 - However, using Spring Security one can limit access based on the IP that the request is made from - here.
2 - Also, one can get the HttpServletRequest request object in the controller method and get the port that the request is made from, like:
request.getRemotePort();
//IP is also available
//request.getRemoteAddr();
=> in the end what I need is doable.
Answered By - gai-jin
Answer Checked By - Timothy Miller (JavaFixing Admin)
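The controller-level check described in the answer, written out as an added example (not code from the original post). The endpoint path, the port value and the class name are hypothetical, and it assumes Spring Boot 3 (jakarta.servlet; Boot 2 uses javax.servlet) and a client that connects over loopback.

```java
import jakarta.servlet.http.HttpServletRequest;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Map;
import java.util.Set;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;

@RestController
public class SensitiveController {

    // Assumption: the third-party client binds a fixed source port. A normal
    // HTTP client gets a different OS-assigned ephemeral port per connection,
    // in which case there is no stable value to put here.
    private static final Set<Integer> ALLOWED_SOURCE_PORTS = Set.of(40123); // constructed value

    @GetMapping("/sensitive") // hypothetical path
    public Map<String, String> sensitive(HttpServletRequest request) {
        if (!isAllowedCaller(request.getRemoteAddr(), request.getRemotePort())) {
            // Same response for every rejection, so the caller learns nothing
            // about which part of the check failed.
            throw new ResponseStatusException(HttpStatus.FORBIDDEN);
        }
        return Map.of("data", "placeholder");
    }

    // remoteAddr/remotePort describe the TCP peer of the servlet container.
    // Behind a reverse proxy they are the proxy's address and port, not the
    // original client's.
    static boolean isAllowedCaller(String remoteAddr, int remotePort) {
        try {
            // getByName() on an IP literal only parses it; no DNS lookup.
            boolean sameHost = InetAddress.getByName(remoteAddr).isLoopbackAddress();
            return sameHost && ALLOWED_SOURCE_PORTS.contains(remotePort);
        } catch (UnknownHostException e) {
            return false; // unparsable address: fail closed
        }
    }
}
```

A source port identifies a socket, not a program: any local process can bind the allowed port while it is free, so this check narrows access but is not authentication.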