When testing the Axis2 0.94 security module, I have some questions regarding client side configuration. I raised the following question after reading the webpage http://ws.apache.org/axis2/0_94/security-module.html.
1. The page mentions that client side configuration parameters can be set in the axis2.xml of the client's Axis2 repository. My question is is this referring to the directory \axis2-std-0.94-bin\repository\services ? It is initially empty. What will be the root element in the client respository axis2.xml? Could you help me to get some sample client side configuration? 2. If a developer only downloaded WAR distribution and put the war inside the Tomcat webapps folder. Can he/she still configure the client side? How? 3. The page mentioned per service level security configuration. Could you also provided some details? My understanding is that the security configuration (security policy and security information) will be read by the WSDoAllHandler inside the security.module. I checked both WSDoAllSender and WSDoAllReceiver, but could not figure out where how can WSDoAllHandler find out the security configuration file. 4. As for the PasswordCallbackClass, is it possible to use the same PasswordCallbackClass for both client and server if I combine the client and server into the Axis2 installation in Tomcat? 5. Does Axis2 security module allow plain username and password for authentication? Can I specify the username and password inside the configuration? Regards, Xinjun
