Hi — I'm working through the production deployment guide and have a few questions concerning the standalone-apiman.xml file.

In the file, I see several entries like this (one each for apiman.war, apimanui.war, and apiman-gateway-api.war).

1. Is "password" supposed to be replaced by some credential? This isn't mentioned in the instructions; my guess is that this credential is used only for applications that request REST Direct Access Grants, and that apiman doesn't. Is that correct?

2. If I'm configuring the gateway as a separate service, can I remove the apimanui.war secure-deployment entry? Correspondingly, when I configure the standalone API manager, do I remove the apiman-gateway-api.war entry?

3. Is it possible to set properties that appear in apiman.properties by way of Java system properties or in a <system-properties> configuration in the standalone-apiman.xml file?