I have a website that displays product information using Solr, and it is managed via the URL. I am curious as to how I would go about preventing regular users from updating or deleting my Apache Solr documents via the URL. I want to get it so only admins can submit these queries.
I would assume that there is a way to have a username and password verify that an arbitrary user is an admin, thus allowing for the URL request to modify data. This is useful, but the problem is that I don't want users from the website UI to even have the opportunity to see the log-in message in the event that someone enters a query into the URL.
Does anyone know of a solution for this / done something similar?
1) One solution would be to run SOLR on a different port (say 8081) and have your OS firewall block requests to port 8081, excluding the public IP of the machine that you will be using to manage the admin, allowing just your local machine to access 8081.
This is the firewall configuration I'm using in IPTABLES on my CentOS machine
-A INPUT -p tcp --dport 8081 -s 111.222.333.444 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8081 -j DROP
And to secure the admin further I added the following security-constraint to web.xml with DIGEST auth-method
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Admin</web-resource-name>
        <url-pattern>/admin/*</url-pattern>
        <url-pattern>/admin.html</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Admin images</web-resource-name>
        <url-pattern>*.png</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>DIGEST</auth-method>
    <realm-name>secure</realm-name>
</login-config>
2) Another option would be to just add the above security-constraint for two different roles, i.e. user and admin. Users with the user role will be able to access just the select url-pattern and users with the admin role will be able to access the admin url-pattern.
I would recommend using DIGEST authentication because BASIC authentication can easily be spoofed by attackers.
Exposing all SOLR endpoints to the end user is like opening up the database to the user. We had similar requirements, and we facaded SOLR from the end user via the application.
Search is still powered by SOLR, but all requests and responses are proxied/transformed via the application.
This helps us do all Role-Based-Authorization on the application layer and SOLR need not be made aware of user roles.
So, your website could control what actions require authorization, maintain sessions of already logged-in users, etc.
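As an added example (not code from either answer), this is the kind of allow-list policy the application layer in the facade approach above can enforce before proxying anything to Solr: read-only select for everyone, update only for admins and only over POST. The role names, handler paths, parameter list and row cap are assumptions.

```python
"""Request policy for an application that fronts Solr (facade pattern)."""
from urllib.parse import urlencode

# Constructed allow-list (assumption): which Solr handlers each role may reach.
# Anything not listed here is rejected outright.
ROLE_HANDLERS = {
    "anonymous": {"/select"},
    "user": {"/select"},
    "admin": {"/select", "/update"},
}
# Parameters a product search form legitimately needs (assumption); every
# other parameter is dropped rather than forwarded to Solr.
SAFE_SELECT_PARAMS = {"q", "fq", "fl", "sort", "start", "rows", "wt"}
MAX_ROWS = 100  # keeps the facade from being used to dump the whole index


class SolrRequestDenied(Exception):
    """Raised when the application refuses to proxy a request."""


def authorize(method, handler, params, role):
    """Return the filtered parameters that may be forwarded to Solr,
    or raise SolrRequestDenied. `handler` is the path after the core name."""
    if handler not in ROLE_HANDLERS.get(role, set()):
        raise SolrRequestDenied(f"role {role!r} may not call {handler}")
    if handler == "/select":
        if method != "GET":
            raise SolrRequestDenied("select is read-only; use GET")
        forwarded = {k: v for k, v in params.items() if k in SAFE_SELECT_PARAMS}
        try:
            rows = int(forwarded.get("rows", "10"))
        except ValueError:
            raise SolrRequestDenied("rows must be an integer")
        forwarded["rows"] = str(max(0, min(rows, MAX_ROWS)))
        return forwarded
    # /update: only admins get this far; require POST so a document is never
    # modified by a URL typed into a browser or embedded in a page.
    if method != "POST":
        raise SolrRequestDenied("update requires POST")
    return dict(params)


def build_solr_url(solr_base, core, handler, forwarded):
    """Build the outbound URL to the (firewalled) Solr port from filtered params."""
    return f"{solr_base}/{core}{handler}?{urlencode(forwarded)}"
```

Solr itself never sees the user's session or role; the website authenticates the user, calls `authorize`, and only then proxies the filtered request.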