I have tomcat server on which web services are deployed using Apache CXF framework.
(Well I am having Alfresco open source content management server)
I want to write standalone java client to consume these web services.
Can I use Axis2 at client side in this case?
Also in Axis2 I want to configure rampart security module, but I don't have much idea how to configure it.
Do I have to configure Axis2 and rampart on server side also? even if I only want to consume the deployed web services in Apache CXF/Spring.
Rampart comes with many examples - check the "samples" directory. You need to configure it where you're using it - it sounds as if that's only on the client side, since you're using CXF on the server side.
I don't think Rampart uses a policy.xml file - is that a CXF thing? if so, there's no point in having one on the client if you use Axis/Rampart there.
Why are you using that sample code - do you intend to work with SAML? If not, I suggest to stick to the examples in the "basic" directory, which do no use policy files.
Also, what do you intend to use WS-Security for - signing, encryption, or authentication?
As an introduction, I published a couple of articles in the JavaRanch Journal (www.javaranch.com/journal) about using Rampart for Authentication and Encryption.