And this is a catch! You just gave me information for server side which I don't need at all because I am writing a client application that deloyed into JBoss server and it is consuming remote WS-Security protected webservice deployed somewhere in the interned on unknown server. And everybody who is in my position is confused with JBoss documentation because there is a lot of information about how to configure server side for web service, but only couple lines about how to create a client application. On the page you provided it is only 1 section "Use BindingProvider to set principal/credential" that describes quick and dirty way of setting password (don't think it should be used in production) but it is ommiting all steps that required before those lines start working and there is no information about different ways to configure client application.
So my question is still open...