restrict access from localhost only

one of our application modes is “single user”, where the app must run on a local user machine and access must only be allowed from localhost.
is it possible to configure this at Vaadin level?

I did this

public class TAApplication extends Application implements HttpServletRequestListener …

public void onRequestStart(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
    services.getCookiesManager().init(httpServletRequest, httpServletResponse);
    System.out.println("HOST=" + httpServletRequest.getRemoteHost());

not sure this is the best way