Is there a way to do that ? I created my own authorizer webapp but I don't have access to the IP address of the host that requested the service, only the IP address of the orbeon server that is calling my authorizer.
Re: Secure CRUD services using IP addresses (whitelist)
I don't think the auth service can obtain the remote IP address given how it is implemented now.
In this case, I would just add the IP filter in front of everything: the auth service would just validate other aspects of the request or let pass everything, and the IP filter in front of the servlet would check the paths and let through calls to the services as needed.