feat(build): 添加 BouncyCastle 依赖排除与打包检查

添加 `maven-enforcer-plugin` 并配置规则，禁止 BouncyCastle 签名 JAR 进入 fat JAR 包，避免 Spring Boot 嵌套 JAR 导致 JCE 签名校验失败。同时在 `yudao-module-ai` 和 `yudao-module-tik` 模块的 `spring-cloud-function-core` 依赖中排除 `bcprov-jdk18on` 和 `bcpkix-jdk18on`。
2026-05-26 22:29:46 +08:00
parent 9397e0f177
commit d5af885ce3
4 changed files with 56 additions and 0 deletions
--- a/pom.xml
+++ b/pom.xml
@@ -40,6 +40,7 @@
        <maven.compiler.target>${java.version}</maven.compiler.target>
        <maven-surefire-plugin.version>3.5.3</maven-surefire-plugin.version>
        <maven-compiler-plugin.version>3.14.0</maven-compiler-plugin.version>
+        <maven-enforcer-plugin.version>3.5.0</maven-enforcer-plugin.version>
        <flatten-maven-plugin.version>1.7.2</flatten-maven-plugin.version>
        <!-- maven-surefire-plugin 暂时无法通过 bom 的依赖读取（兼容老版本 IDEA 2024 及以前版本） -->
        <lombok.version>1.18.38</lombok.version>
@@ -112,6 +113,11 @@
                    <groupId>org.codehaus.mojo</groupId>
                    <artifactId>flatten-maven-plugin</artifactId>
                </plugin>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-enforcer-plugin</artifactId>
+                    <version>${maven-enforcer-plugin.version}</version>
+                </plugin>
            </plugins>
        </pluginManagement>

--- a/yudao-module-ai/pom.xml
+++ b/yudao-module-ai/pom.xml
@@ -247,6 +247,15 @@
                    <artifactId>spring-cloud-function-core</artifactId>
                    <groupId>org.springframework.cloud</groupId>
                </exclusion>
+                <!-- 排除 BouncyCastle，避免 Spring Boot 嵌套 JAR 导致 JCE 签名校验失败 -->
+                <exclusion>
+                    <groupId>org.bouncycastle</groupId>
+                    <artifactId>bcprov-jdk18on</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.bouncycastle</groupId>
+                    <artifactId>bcpkix-jdk18on</artifactId>
+                </exclusion>
            </exclusions>
        </dependency>

--- a/yudao-module-tik/pom.xml
+++ b/yudao-module-tik/pom.xml
@@ -271,6 +271,15 @@
                    <artifactId>spring-cloud-function-core</artifactId>
                    <groupId>org.springframework.cloud</groupId>
                </exclusion>
+                <!-- 排除 BouncyCastle，避免 Spring Boot 嵌套 JAR 导致 JCE 签名校验失败 -->
+                <exclusion>
+                    <groupId>org.bouncycastle</groupId>
+                    <artifactId>bcprov-jdk18on</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.bouncycastle</groupId>
+                    <artifactId>bcpkix-jdk18on</artifactId>
+                </exclusion>
            </exclusions>
        </dependency>

--- a/yudao-server/pom.xml
+++ b/yudao-server/pom.xml
@@ -153,6 +153,38 @@
                    </execution>
                </executions>
            </plugin>
+            <!-- 防止 BouncyCastle 签名 JAR 进入 fat JAR，导致 JCE 验证失败 -->
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-enforcer-plugin</artifactId>
+                <version>${maven-enforcer-plugin.version}</version>
+                <executions>
+                    <execution>
+                        <id>ban-bouncycastle</id>
+                        <goals>
+                            <goal>enforce</goal>
+                        </goals>
+                        <phase>package</phase>
+                        <configuration>
+                            <rules>
+                                <bannedDependencies>
+                                    <excludes>
+                                        <exclude>org.bouncycastle:bcprov-jdk18on</exclude>
+                                        <exclude>org.bouncycastle:bcpkix-jdk18on</exclude>
+                                        <exclude>org.bouncycastle:bcprov-jdk15on</exclude>
+                                        <exclude>org.bouncycastle:bcpkix-jdk15on</exclude>
+                                    </excludes>
+                                    <message>
+                                        BouncyCastle JAR 是签名的，在 Spring Boot fat JAR 中会导致 JCE 签名验证失败。
+                                        请在对应依赖中添加 exclusion 排除 org.bouncycastle。
+                                    </message>
+                                </bannedDependencies>
+                            </rules>
+                            <fail>true</fail>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
        </plugins>
    </build>