As we all know Solr Admin Page is not password protected and anyone can get into Solr Admin Page. However this article will help you in enabling Password Protected Solr Admin Page.
Yes, Solr Admin Page comes
without any password protection. However good thing is that we deploy
Solr either on Tomcat or on Jetty or on JBoss. So using the feature of Web
Container we can restrict the Solr Admin Page as well as Solr Indexing API call
under username and password.
Step 1:
We need to add following piece of code in \solr-6.5.1\server\etc\jetty.xml
Step 2:
<Call name="addBean">
<Arg>
<New class="org.eclipse.jetty.security.HashLoginService">
<Set name="name">Secure Realm</Set>
<Set name="config">
<SystemProperty name="jetty.home" default="."/> \\etc\\realm.properties
</Set>
<Set name="refreshInterval">0</Set>
</New>
</Arg>
</Call>
We need to add following piece of code in \solr-6.5.1\server\solr-webapp\webapp\WEB-INF\web.xml
<security-constraint>
<auth-constraint><login-config>
<web-resource-collection>
<web-resource-name>Solr Search Engine</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<auth-method>BASIC</auth-method>
<realm-name>Secure Realm</realm-name>
</login-config>
Step 3:
Create the MD5 password using below step. For Username:admin and Password: solr123
\solr-6.5.1\bin>java -cp ..\server\lib\jetty-util-9.3.14.v20161028.jar org.eclipse.jetty.util.security.Password admin solr123
Output
2017-05-17 17:24:08.064:INFO::main: Logging initialized @958ms
solr123
OBF:1m0v1l181k8q1y7z1k5g1kxu1lxb
MD5:77cb23aec2e0ff10c2952948346d9817