Tested with Solr version 4.4.
Place the following code in the example\etc\webdefault.xml file, under <web-app>:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Solr authenticated application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Test Realm</realm-name>
</login-config>
Brief description of the above parameters:
url-pattern refers to the URL pattern for which authentication is required. Since it is set to "/*", authentication is required for any URL. Once authentication has happened, the application won't ask for it again until the browser session is destroyed.
role-name refers to the role that is granted access. Similarly, we can define separate access for each function, such as search, update, delete, etc.
realm-name refers to the name displayed when asking for authentication. It should match the name set in the example\etc\jetty.xml file, as follows:
Place the following code under <Configure>:
<Call name="addBean">
  <Arg>
    <New class="org.eclipse.jetty.security.HashLoginService">
      <Set name="name">Test Realm</Set>
      <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
      <Set name="refreshInterval">0</Set>
    </New>
  </Arg>
</Call>
Now create or update the realm.properties file in the etc folder with the authentication details, as follows:
<username>: <password>, <role>
Eg: user: pwd, admin
So, we can define multiple users with multiple roles and grant access on a role basis.
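The realm-name and role-name values have to line up across webdefault.xml, jetty.xml and realm.properties, so a small consistency check is useful before restarting Solr. This is an added example, not part of the original post or of Solr/Jetty; the inline XML and realm text are constructed samples based on the snippets above, and texts, login_services, parse_realm and check are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed inputs mirroring the three snippets on this page.
WEBDEFAULT = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method><realm-name>Test Realm</realm-name></login-config>
</web-app>"""
JETTY = """<Configure><Call name="addBean"><Arg>
  <New class="org.eclipse.jetty.security.HashLoginService"><Set name="name">Test Realm</Set></New>
</Arg></Call></Configure>"""
REALM = "user: pwd, admin\n"

def texts(xml_text, tag):
    """Text of every element with this local name (XML namespace ignored)."""
    return [(el.text or "").strip() for el in ET.fromstring(xml_text).iter()
            if el.tag.rsplit("}", 1)[-1] == tag]

def login_services(jetty_xml):
    """Names set on any *LoginService bean declared in jetty.xml."""
    return [(s.text or "").strip()
            for new in ET.fromstring(jetty_xml).iter("New")
            if new.get("class", "").endswith("LoginService")
            for s in new.findall("Set") if s.get("name") == "name"]

def parse_realm(text):
    """Map username -> roles from '<username>: <password>, <role>' lines."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            name, _, rest = line.partition(":")
            # The first comma-separated field is the password; the rest are roles.
            users[name.strip()] = {r.strip() for r in rest.split(",")[1:] if r.strip()}
    return users

def check(webdefault, jetty, realm):
    """Return the mismatches found between the three files."""
    problems = []
    services = login_services(jetty)
    for name in texts(webdefault, "realm-name"):
        if name not in services:
            problems.append(f"realm-name {name!r} has no login service with that name")
    granted = set().union(*parse_realm(realm).values())
    for role in texts(webdefault, "role-name"):
        if role not in granted:
            problems.append(f"role {role!r} is not assigned to any user")
    return problems
```

Calling check(WEBDEFAULT, JETTY, REALM) on the sample returns an empty list; read the three real files from example\etc and pass their contents instead.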
For more information, please refer to http://wiki.apache.org/solr/SolrSecurity
If you need to configure a realm for Tomcat, please use UserDatabaseRealm as explained in http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html