There can be many cases in your projects where you would like to add a browser authentication for your project. But there will be a few where you will actually need to remove that. That’s what happen to me today. Checked out code for a project and tried to run on local tomcat instance, everything worked fine. When tried to open up the app like localhost:8080/myapp, browser asked for username and password. I had no idea about username and password.
So started by googling about removing browser authentication in tomcat, that was a mistake. Could not find a single site talking about removal of authentication. After spending 20 minutes, I got the idea to actually look for- how to set the browser authentication. And bam- that worked.
In your apps web.xml, there will be setting for <security-constraint> where you can set up the <login-config> as basic (or actually remove in my case).
Define the Members-only area, by defining
a “Security Constraint” on this Application, and
mapping it to the subdirectory (URL) that we want
<!– Define the Login Configuration for this Application –>
<realm-name>My Club Members-only Area</realm-name>
Source point 5 of http://oreilly.com/java/archive/tomcat-tips.html