When jbossws is configured to "use org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer" JaxWS handler, all SOAP messages have to contain optional Header element. Messages which do not contain this element causes NullPointerException.

Class: WSSecurityDispatcher
Method: public static void handleInbound(CommonMessageContext ctx) throws SOAPException, SOAPFaultException

// soapHeader is null for messages without header element.
SOAPHeader soapHeader = soapMessage.getSOAPHeader();
QName secQName = new QName(Constants.WSSE_NS, "Security");
// Method findElement try to use soapHeader without checking against null first and causes NullPointerException.
Element secHeaderElement = Util.findElement(soapHeader, secQName);

Workaround:
SOAPHeader soapHeader = soapMessage.getSOAPHeader();
Element secHeaderElement = null;
if( soapHeader != null ) {
QName secQName = new QName(Constants.WSSE_NS, "Security");
secHeaderElement = Util.findElement(soapHeader, secQName);
}