Home/ Questions/Q 7831105
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-02T11:34:26+00:00

I developed web services using CXF. Today i added the simple user name token

  • 0

I developed web services using CXF. Today i added the simple user name token security for the web service. After that when i try to deploy the web service i am getting following exception

javax.xml.ws.WebServiceException: java.lang.RuntimeException: Incorrect inclusion value: null
Failed to build the policy 'UsernameToken':Incorrect inclusion value: null

I am using Jboss 6 . The following is my policy snippet i have added in the wsdl file.

<wsp:Policy wsu:Id="UsernameToken"
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:ExactlyOne>
            <wsp:All>
                <!-- Empty <TransportBinding/> element required due to bug in CXF 2.2.6 -->
                <sp:TransportBinding />
                <sp:SupportingTokens>
                    <wsp:Policy>
                        <sp:UsernameToken sp:IncludeToken=".../IncludeToken/AlwaysToRecipient" />
                    </wsp:Policy>
                </sp:SupportingTokens>
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>

The following is my cxf.xml file

<jaxws:endpoint id="UpcLineOfBusinessServiceImpl"
        address="/upcLineOfBusinessService" wsdlLocation="../wsdl/upclineofbusinessserviceimpl.wsdl">
        <jaxws:implementor>
            <ref bean="upcLineOfBusinessService"></ref>
        </jaxws:implementor>
        <jaxws:inInterceptors>
            <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
            <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
                <constructor-arg>
                    <map>
                        <entry key="action" value="UsernameToken" />
                        <entry key="passwordType" value="PasswordText" />
                        <entry key="passwordCallbackClass" value="com.tecnotree.upc.security.PasswordCallBack" />
                    </map>
                </constructor-arg>
            </bean>
        </jaxws:inInterceptors>
    </jaxws:endpoint>

Please help me . Thanks in advance

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I’ve recently come across the same exception. The problem was incorrect sp:IncludeToken value. After I changed it to http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient everything worked fine.

    Available values are defined in org.apache.cxf.ws.security.policy.SP12Constants (for WS-SecurityPolicy 1.2) or in org.apache.cxf.ws.security.policy.SP11Constants (for 1.1)

    Complete policy definition looks like this:

    <wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy">
    <wsp:ExactlyOne>    
        <wsp:All>
            <sp:SupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <wsp:Policy>
                    <sp:UsernameToken
                        sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                        <wsp:Policy>
                            <sp:WssUsernameToken10 />
                            <sp:HashPassword />
                        </wsp:Policy>
                    </sp:UsernameToken>
                </wsp:Policy>
            </sp:SupportingTokens>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>
    • 0