Resolution:
The connection between EMS server and EMS client is based on the TCP connection.
So we don't have any parameters in the configuration file to deny the connection request from
unauthorized machine and accept the connection from the list of authorized machines.
So that, before EMS 5.0, as long as application gives the valid username/password combo while connecting, client can connect from any machine.

After EMS 5.0, this can be achieved by EMS 5.0 JAAS. For more detail, please reference to "Extensible security", it works by allowing you to write your own authentication and permissions modules, which run in a Java virtual machine (JVM) in the EMS server. The modules connect to the server using the Java Authentication and Authorization Service (JAAS) for authentication modules, and the Java Access Control Interface (JACI) for permissions modules.