The server, on which the tomcat is running, is having two domain names (Like, example1.com and example2.com). I want to restrict the access to tomcat, such that, it can be access only with example2.com. When anyone try with example1.com or IP address, tomcat should some error like Page not found..
As I am unable to touch DNS entries, Is there anyway I can build this restriction within tomcat??
You will not be able to block it completely: the TCP connection is done by the IP of the adress and there is no way to know which domain name was queryed to find that IP. Short of changing DNS, there is no absolute solution (and even then, you won't be able to block access by IP)
One way would be to block any request with a Host: different than exemple2.org. For exemple, with a custom Filter :
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
if (!request.getServerName().equals("exemple2.com")) {
((HttpServletResponse) response).sendError(403);
} else {
chain.doFilter(request, response);
}
}
Or you could define 2/3 Hosts inside your tomcat. One Host as exemple2.com with your application and a default one wich sends only error page.
As I said, this is far from perfect as It could be easily bypassed by changing the Host header.