JBossWS-Native does not support WS-SecurityPolicy. Hence you can't expect it automatically consume and understand WS-Security Policy assertions. You need to move to JBossWS-CXF stack for that, or ignore the policies (make your client consume a modified wsdl without the policies) and configure ws-security as you want.
Setting the com.sun.xml.ws.spi.ProviderImpl provider is basically equivalent to directing your client on using the JAXWS RI (iow Metro); that's not necessarily evil, just be aware of that.