build(yudao-server): 使用 spring-boot-maven-plugin 排除 BouncyCastle 替代 maven-enforcer-plugin

将防 BouncyCastle 签名 JAR 进入 fat JAR 的策略从 maven-enforcer-plugin 的编译时限制改为 spring-boot-maven-plugin 的打包时排除，并从根 pom 移除不再需要的 enforcer 插件及依赖版本属性。同时删除 yudao-dependencies 中全局提供的空壳 BouncyCastle 依赖，避免污染所有模块的类路径。
2026-05-27 20:52:06 +08:00
parent 5477e2f261
commit 98fb35f0b9
3 changed files with 21 additions and 63 deletions
--- a/pom.xml
+++ b/pom.xml
@@ -40,7 +40,6 @@
        <maven.compiler.target>${java.version}</maven.compiler.target>
        <maven-surefire-plugin.version>3.5.3</maven-surefire-plugin.version>
        <maven-compiler-plugin.version>3.14.0</maven-compiler-plugin.version>
-        <maven-enforcer-plugin.version>3.5.0</maven-enforcer-plugin.version>
        <flatten-maven-plugin.version>1.7.2</flatten-maven-plugin.version>
        <!-- maven-surefire-plugin 暂时无法通过 bom 的依赖读取（兼容老版本 IDEA 2024 及以前版本） -->
        <lombok.version>1.18.38</lombok.version>
@@ -113,11 +112,6 @@
                    <groupId>org.codehaus.mojo</groupId>
                    <artifactId>flatten-maven-plugin</artifactId>
                </plugin>
-                <plugin>
-                    <groupId>org.apache.maven.plugins</groupId>
-                    <artifactId>maven-enforcer-plugin</artifactId>
-                    <version>${maven-enforcer-plugin.version}</version>
-                </plugin>
            </plugins>
        </pluginManagement>

--- a/yudao-dependencies/pom.xml
+++ b/yudao-dependencies/pom.xml
@@ -111,31 +111,6 @@
                    </exclusion>
                </exclusions>
            </dependency>
-            <!-- 全局排除：所有 BouncyCastle 变体提供空壳版本，从源头杜绝 -->
-            <dependency>
-                <groupId>org.bouncycastle</groupId>
-                <artifactId>bcprov-jdk18on</artifactId>
-                <version>0.0.0</version>
-                <scope>provided</scope>
-            </dependency>
-            <dependency>
-                <groupId>org.bouncycastle</groupId>
-                <artifactId>bcpkix-jdk18on</artifactId>
-                <version>0.0.0</version>
-                <scope>provided</scope>
-            </dependency>
-            <dependency>
-                <groupId>org.bouncycastle</groupId>
-                <artifactId>bcprov-jdk15on</artifactId>
-                <version>0.0.0</version>
-                <scope>provided</scope>
-            </dependency>
-            <dependency>
-                <groupId>org.bouncycastle</groupId>
-                <artifactId>bcpkix-jdk15on</artifactId>
-                <version>0.0.0</version>
-                <scope>provided</scope>
-            </dependency>
            <!-- 锁定 volcengine SDK 版本，避免 agents-flex-image-volcengine 的 LATEST 解析到不存在的 2.0.6 -->
            <dependency>
                <groupId>com.volcengine</groupId>
--- a/yudao-server/pom.xml
+++ b/yudao-server/pom.xml
@@ -145,6 +145,27 @@
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <version>${spring.boot.version}</version>
+                <configuration>
+                    <!-- 从 fat JAR 中剔除 BouncyCastle：签名 JAR 在嵌套加载时 JCE 验证失败 -->
+                    <excludes>
+                        <exclude>
+                            <groupId>org.bouncycastle</groupId>
+                            <artifactId>bcprov-jdk18on</artifactId>
+                        </exclude>
+                        <exclude>
+                            <groupId>org.bouncycastle</groupId>
+                            <artifactId>bcpkix-jdk18on</artifactId>
+                        </exclude>
+                        <exclude>
+                            <groupId>org.bouncycastle</groupId>
+                            <artifactId>bcprov-jdk15on</artifactId>
+                        </exclude>
+                        <exclude>
+                            <groupId>org.bouncycastle</groupId>
+                            <artifactId>bcpkix-jdk15on</artifactId>
+                        </exclude>
+                    </excludes>
+                </configuration>
                <executions>
                    <execution>
                        <goals>
@@ -153,38 +174,6 @@
                    </execution>
                </executions>
            </plugin>
-            <!-- 防止 BouncyCastle 签名 JAR 进入 fat JAR，导致 JCE 验证失败 -->
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-enforcer-plugin</artifactId>
-                <version>${maven-enforcer-plugin.version}</version>
-                <executions>
-                    <execution>
-                        <id>ban-bouncycastle</id>
-                        <goals>
-                            <goal>enforce</goal>
-                        </goals>
-                        <phase>package</phase>
-                        <configuration>
-                            <rules>
-                                <bannedDependencies>
-                                    <excludes>
-                                        <exclude>org.bouncycastle:bcprov-jdk18on</exclude>
-                                        <exclude>org.bouncycastle:bcpkix-jdk18on</exclude>
-                                        <exclude>org.bouncycastle:bcprov-jdk15on</exclude>
-                                        <exclude>org.bouncycastle:bcpkix-jdk15on</exclude>
-                                    </excludes>
-                                    <message>
-                                        BouncyCastle JAR 是签名的，在 Spring Boot fat JAR 中会导致 JCE 签名验证失败。
-                                        请在对应依赖中添加 exclusion 排除 org.bouncycastle。
-                                    </message>
-                                </bannedDependencies>
-                            </rules>
-                            <fail>true</fail>
-                        </configuration>
-                    </execution>
-                </executions>
-            </plugin>
        </plugins>
    </build>