Java EE security is not based on IP addresses. The network layer wasn't designed for security. You should base your security on something stonger, e.g. PK crypto.
If you really need it, a simple Servlet Filter will help you put this additional restriction.
[Message sent by forum member 'ymajoros' (yannick.majoros_at_gmail.com)]
http://forums.java.net/jive/thread.jspa?messageID=382703