How can I secure Solr 5.3.1 only admin pages

Question

I am fairly new to Solr and I have been researching this for the past day and half and finally turning here.

I have a Solr server up and running and I had my network ad

Answer 1

Following the advice of Exclude a JSP from web.xml's security-contraint you can keep your configuration as is, but expose that endpoints that you want to be public available.

So you could add a <security-constraint> like this to your web.xml, but leave out the <auth-constraint> for the matched <url-pattern>. This will make it open to the public. In addition with the basic auth for the rest of your Solr instance, you can then expose step by step the cores or handlers that shall be public.

<security-constraint>
  <web-resource-collection>
    <web-resource-name>mycollection</web-resource-name>
    <url-pattern>/mycollection/*</url-pattern>
  </web-resource-collection>
</security-constraint>

A caveat of this is that you will need to add anything that shall be public as an own URL pattern. But this may also be a plus, as you have the option to make fine grained access control to for the collections - e.g. one user per collection.