Consider the following implementation of a web app and client, which uses Spring/Hibernate for the web app. The application container is Tomcat.

Web App 1 (Primary), Web App 2, Web App 3

Web Apps 1, 2 and 3 expose services that talk JSON.

The client is a normal browser; say there are 3 clients:

Client 1, Client 2, Client 3

The requirement of the application is that only the 3 clients should be able to access Web Apps 1, 2 and 3. Any request from any client other than the above three should be rejected by the server. Clients 1, 2 and 3 will first access Web App 1 and subsequently Web Apps 2 and 3.

What mechanism should I use to implement the restriction/security mentioned above (like client certification, security configuration, etc.)?