Products | Versions |
---|---|
TIBCO Enterprise Message Service | - |
Not Applicable | - |
Resolution:
Description:
==================
You can use the ConnectionInfoCallback class in com.tibco.tibems.tibemsd.security to get the InetAddress of the remote end of the TCP connection for this client.
========================================
getInetAddress
public java.net.InetAddress getInetAddress()
Returns:
the inetAddress of the remote end of the TCP connection for this client. This may or may not be the IP address of the client's network interface. NATs and other routing elements in the network may affect its value. Calling getHostName() or any of its variants may be expensive, as a reverse DNS lookup will be required.
========================================
Here is what you can do:
1). Import this class in your JAAS authentication program:
import com.tibco.tibems.tibemsd.security.ConnectionInfoCallback;
2). In the login() function, add the ConnectionInfoCallback to the callback array and get the IP address from it.
For example:
NameCallback nameCallback = new NameCallback(" ");
PasswordCallback passwordCallback = new PasswordCallback(" ", false);
ConnectionInfoCallback connCallback = new ConnectionInfoCallback();
Callback[] callbacks = { nameCallback, passwordCallback, connCallback };
callbackHandler.handle(callbacks);
InetAddress ipaddress = ((ConnectionInfoCallback)callbacks[2]).getInetAddress();
3). You need to implement your own logic to validate the IP address.
The solution provides two examples that validate the IP address of the client connection:
a). Attached is the modified sample Java program:
samples\security\com\tibco\example\FlatFileUserAuthLoginModule.java. It tries to validate the client IP address against the hostnames defined in a plain text file. The plain text file is specified by the hostfile parameter in the JAAS config file, for example:
EMSUserAuthentication {
com.tibco.example.FlatFileUserAuthLoginModule required
debug=true
filename="c:/tibco/ems/7.0/samples/security/userpass.txt"
hostfile="hosts.txt";
};
b). If you want the JAAS plugin to validate only the client's IP address, and want the username and password to be authenticated using the local EMS server user configuration, you can use the sample Java program ConfFileUserAuthLoginModule.java. It provides authentication based on a file that complies with users.conf.
Attached is a modified sample Java program: samples\security\com\tibco\example\FlatFileUserAuthLoginModule.java. It validates the client IP address against the hostnames defined in a plain text file. The plain text file is specified by the hostfile parameter in the JAAS config file, for example:
EMSUserAuthentication {
com.tibco.example.ConfFileUserAuthLoginModule required
debug=true
filename="c:/tibco/ems/7.0/samples/config/users.conf"
hostfile="hosts.txt";
};
Refer to SOLUTION: SOL1-E2WVLY for details about how to run the ConfFileUserAuthLoginModule sample.
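
One way to implement the validation logic that step 3 leaves to you, shown as an added example that is not the attached TIBCO sample code. The class name HostAllowList and the hostfile format (one hostname or IP literal per line, with # starting a comment) are assumptions.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

// Added example: hypothetical helper, not part of the TIBCO samples.
// Assumed hostfile format: one hostname or IP literal per line, '#' starts a comment.
public class HostAllowList {
    private final Set<InetAddress> allowed = new HashSet<>();

    public HostAllowList(Iterable<String> lines) {
        for (String raw : lines) {
            String entry = raw.split("#", 2)[0].trim();
            if (entry.isEmpty()) continue;
            try {
                // Forward-resolve each entry once at load time, so login() never
                // needs the reverse DNS lookup that getHostName() would trigger.
                allowed.addAll(Arrays.asList(InetAddress.getAllByName(entry)));
            } catch (UnknownHostException e) {
                // An unresolvable entry allows nobody; it must not widen access.
                System.err.println("hostfile: cannot resolve " + entry);
            }
        }
    }

    public static HostAllowList fromFile(String hostfile) throws IOException {
        return new HostAllowList(Files.readAllLines(Paths.get(hostfile)));
    }

    // Fail closed: a null address or one that is not in the list is rejected.
    public boolean permits(InetAddress remote) {
        return remote != null && allowed.contains(remote);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample hostfile content using documentation-range addresses.
        HostAllowList list = new HostAllowList(Arrays.asList(
            "# EMS clients", "192.0.2.10", "2001:db8::5  # app server"));
        System.out.println(list.permits(InetAddress.getByName("192.0.2.10")));
        System.out.println(list.permits(InetAddress.getByName("192.0.2.11")));
        System.out.println(list.permits(InetAddress.getByName("2001:db8:0:0:0:0:0:5")));
        System.out.println(list.permits(null));
    }
}
```

In login(), pass the InetAddress returned by getInetAddress() to permits() and throw javax.security.auth.login.FailedLoginException when it returns false. Because NATs and other routing elements can change the address the server sees, list the address as it appears at the EMS server.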