I am not a security expert, but in my opinion the safest way to run solr "securely" is to forget all about usernames & passwords and instead use SSL with client SSL certificates...
https://cwiki.apache.org/confluence/display/solr/Enabling+SSL : Date: Tue, 4 Nov 2014 12:53:30 +0000 : From: Shay Sofer <sha...@checkpoint.com> : Reply-To: solr-user@lucene.apache.org : To: "solr-user@lucene.apache.org" <solr-user@lucene.apache.org> : Subject: Solr authentication : : Hi, : : I want that my Solr web connection will be protected by username and password. : : When someone try to get to - 1.1.1.1:8983/Solr, he can do it only after login (with known users). : : Is it possible ? : : Thanks, : Shay. : -Hoss http://www.lucidworks.com/
