The proxy service expects to receive a signed and encrypted message as specified by the security policy. Please see Apache Rampart and Axis2 documentation on the format of the policy file. The element 'enableSec' specifies that Apache Rampart should be engaged on this proxy service. Hence if Rampart rejects any request messages that does not conform to the specified policy, those messages will never reach the 'inSequence' to be processed. To execute the client, send a stock quote request to the proxy service, and sign and encrypt the request by specifying the client side security policy as follows:
By following through the debug logs or TCPMon output, you can see that the request received by the proxy service is signed and encrypted. Also, looking up the WSDL of the proxy service by requesting the URL http://localhost:8280/services/StockQuoteProxy?wsdl reveals that the security policy is attached to the provided base WSDL. When sending the message to the backend service, you can verify that the security headers are removed. The response received from Axis2 does not use WS-Security, but the response forwarded back to the client is signed and encrypted as expected by the client.