Using the tomcat-users.xml and web.xml changes at the link below, I was able to setup a default ubuntu server tomcat/solr install to require a simple login to access solr (the admin console, updates, etc).
http://blog.comtaste.com/2009/02/securing_your_solr_server_on_t.html What I want to do is require auth for updates but not for the admin console or queries. Changing <url-pattern>/*</url-pattern> to /solr/update or /solr/update* results in no auth required instead of the desired result. I'm guessing this has something to do with the SolrRequestFilter and that the requests aren't exactly handled like standard URL patterns but I'm new to tomcat. Any input or links to archived solutions is appreciated. Thanks, KC Braunschweig
