Alright, I have an idea
download a copy of tcpmon here http://code.google.com/p/tcpmon/
try directing the client at that. maybe you'll get some more information.
I think the problem is with the server/service's configuration.
You can try turning on remote debugging on your jboss server, attach to it and set break points at every entry point in your code, especially the authorization pieces.
worse case scenario, download the source for your version of jbossws and then set break points with that. There's some example code/smoke tests in there as well that may help you model your service after for this specific task.
In addition, I'd suggest you try searching the issue tracker to see if there is anything related to this and your version of jbossws. Make sure you're running the latest version supported by your container version