OK, sorry for the late reply on the forum, however here are some explanations in order for shading some light on this [1] topic:
* as of today the jbossws-security xsd is not published only, however it's available in the jbossws native core library
* the actual issue in your configuration for setting up jbossws-native ws-security w/ username token auth is in the fact the jboss-wsse-server.xml descriptor above should not have the <username/> element at all. That element is a client side configuration element for adding the username token header into the message, which is something the client does. The server will automatically check for existence of that header and try performing authentication. This is the reason why there's no "username" element in the "requiresType" in the schema, which is correct. There was an error in the samples, that I just noticed after years thanks to your thread (I should have checked the sample back when dealing with https://issues.jboss.org/browse/JBWS-2414 which has basically the explanation of your issue)
* the descriptors in the samples are not validated against jbossws-security xsd; to be honest this is an area for improvement, even if I honestly think we won't spend internal efforts on that given the focus having been moved to JBossWS-CXF for WS-* functionalities. Any contribution here is in any case accepted
* the http://community.jboss.org/wiki/JBossWS-AdvancedSamples page needs also to be updated; the directions on simply running Ant (default target) was fine at the time of the JBossWS 3.1.x build (perhaps 3.2.x too, I haven't check recently), but it's not for JBWS 3.4.x / 4.0.x. To be honest the whole wiki needs to reviewed together with the website by (or around ;-) ) the time JBossWS 4.0.0 goes final, because with the latest changes in the JBWS 4 major release, most of what there either does not apply anymore or is simply changed.
[1] http://community.jboss.org/wiki/JBossWS-AdvancedSamples#comment-8346