Is it possible to restrict access to particular web application with Tomcat?

Alessandro A. Garbagnati

Yes, it can be done by using two predefined Valves, that are the RemoteHostValve or the RemoteAddrValve.

These valves can be used inside any container (<Engine>, <Host> or <Context>), and you can specify deny or allow rules, by simply providing the remote client's IPs (in the case of a RemoteAddrValve) or hostname (foe the RemoteHostValve). Both valves accept regular expressions or the "*" wildcard.

You can have further information at the documentation pages:
Tomcat 5.0.x Valves
Tomcat 4.1.x Valves.

You can also refer to this FAQ: Is there any way to restrict access from subnets or specific IP addresses to Tomcat like Apache does?