I found a useful example at http://www.ibm.com/developerworks/java/library/j-jws4/. I got rid of the OutflowSecurity parameter in axis2.xml. I also got rid of the password callback class. I added a policy.xml file and some code to load it. I use this code to provide the username and password:
// Prepare the client
PartnerAPIStub stub = stubProvider.getStub();
ServiceClient client = stub._getServiceClient();
client.engageModule("rampart");
org.apache.axis2.client.Options options = client.getOptions();
options.setProperty(RampartMessageData.KEY_RAMPART_OUT_POLICY, policy);
options.setUserName(account.getApiUser());
options.setPassword(account.getApiPassword());
// Send the request
RetrieveResponseMsg response = stub.retrieve(requestDoc).getRetrieveResponseMsg();