I would like to inform you of an issue I encountered while deploying JBoss and JBossWS (native) at a bank. The bank uses the SmartDefense intrusion detection system, and SmartDefense blocks SOAP calls done via the JBossWS native stack because of a "non-compliant HTTP header". The only details we could get from the intrusion detection system is that a header contains non-ascii data (our URLs, headers, payload does not contain any funny characters). Sorry but I have no further details nor dumps.
Of course that could also be a bug in the intrusion detection system, but it was not possible to overcome the issue. So I replaced the native stack by metro and the issue went away.
Not sure whether my input is valuable to the JBossWS team but I felt I should let you know of this issue, as other deployments might be affected as well.