well your confige requires http basic for all users to the war which presumable contains the web service. How is this not acomplishing your goals?
In mine, i have the service implementation mapped as a servlet. The servlet mapping is something like /service. And the url pattern is /service
typically, in jax-ws, the handler chain does NOT fire off when a wsdl is request via http get
in axis 1.x, and wcf it does and you can do something custom there