Hi Fabian, Right now Axis2 doesn't come with any security manager that will restrict access to different resources. Therefore right now as long as you have access to a message context (or any place in the context hierarchy) you can have access to the configuration context of that axis2 instance, which will give you full unrestricted access to the system. Note that you can easily get hold of the context hierarchy at a handler (within a module), or a service.
So all web services on an axis instance must be trusted in the sense that none of them will try to get information of the other services?
IMHO because of the above flexibility the answer to the above question is "yes". Thanks, Ruchith p.s. added the [axis2] refix to the subject
