403 Access Denied on Tomcat 8 Manager App without prompting for user/password

Question

I have set up tomcat 8 according to this, and I have the following tomcat-users.xml file:

Answer 1

The correct answer is as @JaKu pointed out. Tomcat is confining the access to localhost to make it secure. This is as it should be. Port forwarding to tomcat is the correct thing to do, preferably under something secure like SSH.