Well, yes, I've already found and studied this (especially http://docs.jboss.org/jbossas/6/WebServices_Guide/en-US/html/chap_JBossWS-StackCXFUserGuide.html) via Google.
However, in the examples, they mess with heavy XML configuration which would break my approach using annotations for all the web services. Furthermore, Spring is required in order for this to work. This is not what I call a "lightwight" solution ;)
So I don't want to rely on any container magic, I just want to inject my stateless session bean somewhere in the handler chain to parse the SOAP header and to check the username in the database...