You can't do this purely through config in web.xml, no. A servlet filter would be a good place to implement such a thing, though.

你不能纯粹通过 config in 来做到这一点web.xml，不。不过，servlet 过滤器将是实现这种事情的好地方。

The Filterinterface supplies the HttpServletRequestas part of the filter chain invocation, and from that you can get the IP address of the client (using getRemoteAddr), and compare that to your list of permitted addresses.

该Filter接口将 提供HttpServletRequest为过滤器链调用的一部分，您可以从中获取客户端的 IP 地址（使用getRemoteAddr），并将其与您的允许地址列表进行比较。

Alternatively, your specific appserver might support IP filtering at a proprietary level, but that locks you into that container (which may or may not be a problem for you).

或者，您的特定应用程序服务器可能支持专有级别的 IP 过滤，但这会将您锁定在该容器中（这对您来说可能是问题也可能不是问题）。

You cannot block IP addresses using web.xml. It should be done at Webserver, Container or Application Server level.

您不能使用 web.xml 阻止 IP 地址。它应该在 Web 服务器、容器或应用程序服务器级别完成。

In case you are using Tomcat, you need to use Valve specification to block IP addresses. More information could be found using the following resources

如果您使用 Tomcat，则需要使用 Valve 规范来阻止 IP 地址。可以使用以下资源找到更多信息

http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html

http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html

http://hcmc.uvic.ca/blogs/index.php?blog=30&p=2658&more=1&c=1&tb=1&pb=1

http://hcmc.uvic.ca/blogs/index.php?blog=30&p=2658&more=1&c=1&tb=1&pb=1

figuring out the filter config and all that is left as an exercise to the reader.

弄清楚过滤器配置以及所有留给读者的练习。

import javax.servlet.*;
import java.io.IOException;

public class BlackListFilter implements Filter
{
    private String blacklistedip;

    @Override
    public void init(final FilterConfig filterConfig) throws ServletException
    {
        this.blacklistedip = filterConfig.getInitParameter("blacklistedip");
    }

    @Override
    public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain filterChain) throws IOException, ServletException
    {
        if (!request.getRemoteAddr().equals(this.blacklistedip))
        {
            filterChain.doFilter(request, response);
        }
    }

    @Override
    public void destroy()
    {
        // nothing
    }
}

I'd normally acheive this with a reverse-proxying web server, but if you really want to define it in your servlet, it's not a problem ...

我通常会使用反向代理 Web 服务器来实现这一点，但是如果您真的想在您的 servlet 中定义它，这不是问题......

Here's an example to point you towards managing this using a Filter.

这是一个示例，可指导您使用过滤器进行管理。

http://www.java2s.com/Code/Java/Servlets/IPFilter.htm

http://www.java2s.com/Code/Java/Servlets/IPFilter.htm

Note that it doesnt include the web.xml entries, which would look something like this:

请注意，它不包括 web.xml 条目，它看起来像这样：

    <filter>
       <filter-name>IPFilter</filter-name>
       <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
       <filter-name>IPFilter</filter-name>
       <servlet-name>MyServlet123</servlet-name>
    </filter-mapping>

If you're using Spring (as in the filter-class above), you may want to use a Spring DelegatingFilterProxy, to simplify the solution, and give your filter access to other beans your applicationContext (potentially load client IP addresses from properties or even a database):

如果您使用的是 Spring（如上面的过滤器类），您可能希望使用 Spring DelegatingFilterProxy 来简化解决方案，并让您的过滤器访问您的 applicationContext 的其他 bean（可能从属性加载客户端 IP 地址，甚至数据库）：

http://static.springsource.org/spring/docs/2.0.x/api/org/springframework/web/filter/DelegatingFilterProxy.html

http://static.springsource.org/spring/docs/2.0.x/api/org/springframework/web/filter/DelegatingFilterProxy.html

hth

第