I'm happy to try to help. Sometimes you can feel like you are "crying out" in the WS-Security "wilderness" here. The developers rely on their test cases and test suites, but I think that there could be more test coverage for WS-Security applications, especially ones that use wsconsume.
To get more detail from your application, try adding some of these to the logging configuration file used by your client:
#log4j.logger.org.jboss.ws=TRACE
log4j.logger.org.jboss.ws.extensions.security.WSSecurityDispatcher=DEBUG
#log4j.logger.org.jboss.ws.extensions.security=TRACE
If you configure your server logging similarly, my guess is that you are going to see the that the server is throwing a fault because the decryption fails. (And my suspicion is that the real problem is that the client may not be performing the encryption properly).
The other thing you might prepare yourself for is that your client may very well work correctly with a sufficient level of debugging. I have a native JBossWS 3.1.1 client that works - as long as WSSecurityDispatcher logs with a level of DEBUG or TRACE! Go figure. :-/
I had enough trouble trying to get a client working without the additional work of packaging it into a jar, so I can't comment on placing the client security configuration in META-INF.