Tested with SOLR version is 4.4
Place the following code in example\etc\webdefault.xml file under <web-app>
<web-resource-name>Solr authenticated application</web-resource-name>
Brief description of above parameters:
url-pattern refers to the url for which this authentication required, since, mentioned as "/*", authentication would be required for any url. Once after authentication happens, application won't ask the authentication until browser session gets destroyed.
role-name refers to the role that access exists. Similarly, we can place separate access for each functionality like search, update, delete etc
realm-name refers to the name used to display while asking for authentication, this should match with the name under set parameters of example\etc\jetty.xml file as follows:
Place the following code under <configure>
<Set name="name">Test Realm</Set>
<Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
Now, create / update the realm.properties file in etc folder with authentication details as follows:
<username>: <password>, <role>
Eg: user: pwd, admin
So, we can give multiple users with multiple roles and provide access on role basis.
For more information, please refer http://wiki.apache.org/solr/SolrSecurity
If needed to configure realm for TOMCAT, please use UserDatabaseRealm as explained in http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html