If a client is configured for UsernameToken profile and if the client does not provide the username or password then a NullPointerException is caused.

2006-08-01 08:56:18,488 ERROR [org.jboss.ws.handler.HandlerChainBaseImpl] RuntimeException in request handler
java.lang.NullPointerException
at org.jboss.ws.wsse.WSSecurityDispatcher.handleOutbound(WSSecurityDispatcher.java:249)
at org.jboss.ws.wsse.WSSecurityHandler.handleOutboundSecurity(WSSecurityHandler.java:75)
at org.jboss.ws.wsse.WSSecurityHandlerOutbound.handleRequest(WSSecurityHandlerOutbound.java:38)
at org.jboss.ws.handler.HandlerWrapper.handleRequest(HandlerWrapper.java:121)
at org.jboss.ws.handler.HandlerChainBaseImpl.handleRequest(HandlerChainBaseImpl.java:258)
at org.jboss.ws.jaxrpc.CallImpl.callRequestHandlerChain(CallImpl.java:736)
at org.jboss.ws.jaxrpc.CallImpl.invokeInternal(CallImpl.java:643)
at org.jboss.ws.jaxrpc.CallImpl.invoke(CallImpl.java:403)
at org.jboss.ws.jaxrpc.CallProxy.invoke(CallProxy.java:148)

Looking at the code it apears that the intention is that if the username or password are not provided the addition of the usernametoken to the message should be skipped.