I am now using xfire to do the username token (because I have an example that works) but this conflicts with my existing jbossws code. Arrghh!!
take a look at the jbossws samples; download the src archive from the project download page, then see class org.jboss.test.ws.jaxws.samples.wssecurity.SimpleUsernameTestCase. It's a working sample using the Username Token.
You may also find an example in the interop test package.