Hi, i have cloned SoapUI form GitHub to test my plugin against the latest development branch. To my surpirse the plugin wasn't loaded anymore. An error message was shown in the log that the plugin was not loaded because it contains unsigned classes.After digging into the code i found a ProductBodyguard.java which was newly introduced in September '15. This class is responsible for checking the signature of loaded plugin classes to a smartbear public certificate. My questions so far:Who is responsible for signing plugin jars from the community?How does this align to the idea of open source? Any discussion is very welcome. Regards,Holger

Hi,thanks for that link. But it did not help me much. I already have a developed a plugin. You can find it on GitHub (https://github.com/hschott/ready-websocket-plugin) and it is listed on the page you linked to. I have developed against SoapUI OS 5.2.0 with no problems. When running the same plugin inside SoapUI OS 5.2.1 i'm getting an error message, that the plugin could not be loaded, because it is not signed by Smartbear. 09:01:50,412 ERROR [SoapUI] An error occurred [The plugin '/Users/hos/.soapuios/plugins/ready-websocket-plugin.jar' has unsigned class files.], see error log for detailsPlease see also this Pull request on GitHub https://github.com/SmartBear/soapui/pull/201 . Any ideas about that. Regards,Holger

Hi Tanya, i'm sorry but i can not accept that.This change has a very deep impact on the behavoir of SoapUI OS.It was done on a patch level version change 5.2.0 > 5.2.1.It is nowhere documented.There is no hint in the release notes.It does not correspond to the idea of community driven open source. Please revert this change in the next release. Regards,Holger

Hi Manne, well, i understand the intention to sign plug-ins. But the solution is not very well crafted. At first there must be a way for developers to test their code. I see three ways to solve this:1. without signing2. by signing with a self-signed certificate like Android development does it (opt-in by the user thru UI dialog)3. by signing with a developer certificate signed by Smartbear like Apple development does it At second there should be a documented and working process how to get a plug-in reviewed and signed for production. Both points require a medum to large infrastructure and management effort backed by tools and staff. Are you aware of this? Regards,Holger

I agree it's very ad-hoc at the moment and that we have to improve. Your suggestions seem very sensible to me, but we have to discuss them before I can tell you how we will evolve this. Please bear with us! /Manne

Regarding signing of plugins in SoapUI. 1) We welcome community written plugins for the new framework of SoapUI! 2) In SoapUI 5.2.1 and later we require plugins to be signed to run in the new plugin framework. The reason is to minimize the risk of loading plugins that don’t work as expected. For example: Plugins written for the similar plugin framework in Ready!API might use the framework in ways not supported in SoapUI. 3) We will review plugins in a similar way as any code contribution to SoapUI, and after successful review the plugin will be enabled to run in the new framework. 4) We are aware that developers need a smooth review process that doesn't slow down iterative development of plugins, so we will work together with contributors to find a good process. Kind regards, Matti Hjelm, PO SoapUI

Do i have to sign my plugin from SoapUI 5.2.1 on?

20 Replies

nmrao
Champion Level 3
9 years ago
Did you happed to see this link
http://community.smartbear.com/t5/SmartBear-Developer-Network/ct-p/SmartBear_Developer_Network
- hschott
  Occasional Contributor
  9 years ago
  Hi,
  thanks for that link. But it did not help me much.
  
  I already have a developed a plugin. You can find it on GitHub (https://github.com/hschott/ready-websocket-plugin) and it is listed on the page you linked to.
  
  I have developed against SoapUI OS 5.2.0 with no problems. When running the same plugin inside SoapUI OS 5.2.1 i'm getting an error message, that the plugin could not be loaded, because it is not signed by Smartbear.
  
  09:01:50,412 ERROR [SoapUI] An error occurred [The plugin '/Users/hos/.soapuios/plugins/ready-websocket-plugin.jar' has unsigned class files.], see error log for details
  Please see also this Pull request on GitHub https://github.com/SmartBear/soapui/pull/201 .
  
  Any ideas about that.
  
  Regards,
  Holger
  - TanyaYatskovska
    SmartBear Alumni (Retired)
    9 years ago
    Hi Hschott,
    
    As far as I know some changes with the plugin manager were implemented in SoapUI 5.2.1. Since that, only SmartBear-made plugins can work with the new manager.
    
    I can suggest the following options for you:
    
    You can send your plugin at soapuiplugins@smartbear.com. Our team will review it and add to the product.
    
    You can consider moving to SoapUI NG - user-made plugins are allowed here. SoapUI NG is the newest SoapUI version and it is included into Ready! API.
markiz
Occasional Contributor
7 years ago
Having same problem SoapUI version 5.3.0.
- sergi_opl
  New Contributor
  6 years ago
  Unfortunately, SmartBear does not sign plugin JARs anymore, so it looks like SoapUI OS does not support custom plugins currently. Not sure if they have some plans for doing that in future.

Forum Discussion

Do i have to sign my plugin from SoapUI 5.2.1 on?

20 Replies

Related Content

SoapUI 5.2.1 5.4.0 fails to start, install, unistall

[SoapUI 5.2.1] mockRequest is NULL in REST MockService

SoapUI 5.2.1 adapting the UI to monitor resolution 2880x1620

SoapUI 5.2.1-REST Service's JSON response not displayed in JSON view

org.codehaus.groovy.control.MultipleCompilationErrorsException on updation from 5.2.1 to 5.3.0

Recent Discussions

clone TestSuite fails when there are more project with the same name

Will SOAP UI 5.6.1 work with JDK 8

SOAP Request works in SoapUI, but not in C# code

How to configure Swagger in Paas to use it in Oracle APEX instance.

log4j1.x vulnerability