How to invoke a secured web service without maintaining a policy at the client side
When we call a secure web service, the most common way of invocation is to use a policy which is compliant with the service policy at the client side. Usually, the client side policy is placed at the client file system. We have observed how this is done in few posts which published earlier. However, there is a major drawback in this method, user has to change the client policy whenever the service policy is changed. In order to overcome this limitation, we can use Axis2 DynamicClient to derive client policy by referring to the service WSDL which essentially keeps the service policy. Lets see how this can be done using WSO2 WSAS-3.1.* Pre-requisite: Download and install WSO2 WSAS-3.1.* Step 1 We are going to secure the default HelloService shipped with WSAS. We configure HelloService with "Sign and Encrypt - X509 Authentication" policy. In order to do that, first start WSO2 WSAS server by running wso2server.sh which is located at WSO2WSAS_HOME/bin directory. Then, log in to