Well, I finally found a workaround:
- locate your tomcat server XML config file (mine is located in .../apache-tomcat-8.0.52/conf/server.xml)
add the following markup in Server > Service > Engine > Host:
< Valve allow="< list of IPs allowed>" className="org.apache.catalina.valves.RemoteAddrValve" deny="" />
I have a daily script that generates this list of IPs from the workstations allowed and updates this file accordingly. This list is like "1.2.3.4|5.6.7.8|6.2.5.3".