The health check performed in jbosswebserver_controller.go#L350 uses a curl call to the manager's JMXProxyServlet:

$ curl --noproxy '*' -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'"

There are no users defined in tomcat-users.xml, so only 401 will be returned by this call. We should instead remove the manager webapp and use the HealthCheckValve instead.