Is it possible to accurately determine the IP address of a client in java servlet

Question

I want to configure a machine in my network to accept all calls from a specific machine without authentication. For this I am planning to use the IP address of the client ma

Answer 1

Your service could be vulnerable to IP Spoofing. It's easy to forge packets that appear to be from a different IP address. The thing about spoofing, though, is that the attacker won't be able to receive any response packets. Therefore, if calling your services doesn't cause an internal change of state (i.e. it's read only), then you should be okay. If, however, the calls to your service will issue writes, then you shouldn't rely simply on IP address because a spoofed packet will be enough to change the internal state of your system.