Currently Solr always runs the Admin UI. Given the history of XSS issues and other security concerns found in the Admin UI, Solr should offer a mode in which the Admin UI is disabled. Possibly (this is a topic that will need some serious discussion) this should even be the default when Solr starts.
NOTE: Disabling the Admin UI removes XSS and other attack vectors. But even with the Admin UI disabled, Solr remains inherently unsafe on a public network without firewall protection.
A Java system property called headless will be used as the internal flag for starting Solr in headless mode. This property will default to true. A Java property passed at startup can be used to set this flag to false.
Here is an example:
A message will be added following startup describing the mode.
In headless mode the following message will be displayed:
"solr is running in headless mode. The admin console is unavailable. To turn off headless mode and allow the admin console, use the following startup parameter:
In non-headless mode the following message will be displayed:
"solr is running with headless mode turned off. The admin console is available in this mode. Disabling the Admin UI removes XSS and other attack vectors"
If a user attempts to access the admin console while Solr is in headless mode, Solr will return 401 Unauthorized.
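As an added illustration (not Solr's own code and not part of this proposal), the servlet filter below sketches how the headless flag could gate the Admin UI: it reads the headless system property once at startup, logs which mode is active, and answers 401 for Admin UI requests while headless. The path prefix ADMIN_UI_PREFIX is an assumption, not Solr's real mount point.

```java
import java.io.IOException;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Illustrative filter gating the Admin UI on the proposed "headless" system property. */
public class HeadlessAdminUiFilter implements Filter {

  private static final Logger LOG = Logger.getLogger(HeadlessAdminUiFilter.class.getName());

  /** Hypothetical path prefix under which the Admin UI's static files are served. */
  static final String ADMIN_UI_PREFIX = "/solr/admin-ui/";

  private boolean headless;

  @Override
  public void init(FilterConfig cfg) {
    // Fail closed: only an explicit -Dheadless=false re-enables the Admin UI.
    // A missing or misspelled value (e.g. "flase") keeps Solr headless.
    String value = System.getProperty("headless", "true");
    headless = !"false".equalsIgnoreCase(value.trim());
    if (headless) {
      LOG.info("solr is running in headless mode. The admin console is unavailable.");
    } else {
      LOG.warning("solr is running with headless mode turned off. The admin console is available in this mode.");
    }
  }

  @Override
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    if (headless && req.getRequestURI().startsWith(ADMIN_UI_PREFIX)) {
      // Behaviour described in the proposal: admin console access yields 401 while headless.
      ((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED,
          "Admin console unavailable: Solr is running in headless mode");
      return;
    }
    chain.doFilter(request, response); // all other requests are unaffected
  }

  @Override
  public void destroy() {}
}
```

A prefix check alone can be bypassed by alternate encodings of the path, so a more robust implementation would simply not register the Admin UI's static-resource servlet at all when headless is true; the filter only shows the 401 behaviour the proposal describes.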