build(deps): 全局排除 BouncyCastle 依赖以解决 Spring Boot fat JAR 签名问题

在 `yudao-dependencies/pom.xml` 中为所有 BouncyCastle 变体添加空壳版本（`0.0.0`）和 `provided` 作用域，从源头杜绝 JCE 签名校验失败。同时更新注释以更清晰地说明原因。同步排除 `yudao-module-ai` 中 `aliyun-java-sdk-core` 依赖和 `yudao-module-pay` 中 `weixin-java-pay` 依赖的 `bcprov-jdk18on`，确保所有模块不受影响。
2026-05-26 22:48:27 +08:00
parent d5af885ce3
commit 5477e2f261
3 changed files with 40 additions and 1 deletions
--- a/yudao-dependencies/pom.xml
+++ b/yudao-dependencies/pom.xml
@@ -88,7 +88,7 @@
                <type>pom</type>
                <scope>import</scope>
            </dependency>
-            <!-- 排除 Netty 4.2.x 引入的 BouncyCastle，避免 Spring Boot 嵌套 JAR 导致 JCE 签名校验失败 -->
+            <!-- 排除 BouncyCastle：签名 JAR 在 Spring Boot fat JAR 中会导致 JCE 验证失败 -->
            <dependency>
                <groupId>io.netty</groupId>
                <artifactId>netty-handler</artifactId>
@@ -111,6 +111,31 @@
                    </exclusion>
                </exclusions>
            </dependency>
+            <!-- 全局排除：所有 BouncyCastle 变体提供空壳版本，从源头杜绝 -->
+            <dependency>
+                <groupId>org.bouncycastle</groupId>
+                <artifactId>bcprov-jdk18on</artifactId>
+                <version>0.0.0</version>
+                <scope>provided</scope>
+            </dependency>
+            <dependency>
+                <groupId>org.bouncycastle</groupId>
+                <artifactId>bcpkix-jdk18on</artifactId>
+                <version>0.0.0</version>
+                <scope>provided</scope>
+            </dependency>
+            <dependency>
+                <groupId>org.bouncycastle</groupId>
+                <artifactId>bcprov-jdk15on</artifactId>
+                <version>0.0.0</version>
+                <scope>provided</scope>
+            </dependency>
+            <dependency>
+                <groupId>org.bouncycastle</groupId>
+                <artifactId>bcpkix-jdk15on</artifactId>
+                <version>0.0.0</version>
+                <scope>provided</scope>
+            </dependency>
            <!-- 锁定 volcengine SDK 版本，避免 agents-flex-image-volcengine 的 LATEST 解析到不存在的 2.0.6 -->
            <dependency>
                <groupId>com.volcengine</groupId>
--- a/yudao-module-ai/pom.xml
+++ b/yudao-module-ai/pom.xml
@@ -34,6 +34,16 @@
            <groupId>com.aliyun</groupId>
            <artifactId>aliyun-java-sdk-core</artifactId>
            <version>4.6.3</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.bouncycastle</groupId>
+                    <artifactId>bcprov-jdk15on</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.bouncycastle</groupId>
+                    <artifactId>bcprov-jdk18on</artifactId>
+                </exclusion>
+            </exclusions>
        </dependency>
        <dependency>
            <groupId>com.alibaba.nls</groupId>
--- a/yudao-module-pay/pom.xml
+++ b/yudao-module-pay/pom.xml
@@ -77,6 +77,10 @@
                    <groupId>org.bouncycastle</groupId>
                    <artifactId>bcprov-jdk15on</artifactId>
                </exclusion>
+                <exclusion>
+                    <groupId>org.bouncycastle</groupId>
+                    <artifactId>bcprov-jdk18on</artifactId>
+                </exclusion>
            </exclusions>
        </dependency>
        <dependency>