feat(build): 添加 BouncyCastle 依赖排除与打包检查

添加 `maven-enforcer-plugin` 并配置规则，禁止 BouncyCastle 签名 JAR 进入 fat JAR 包，避免 Spring Boot 嵌套 JAR 导致 JCE 签名校验失败。同时在 `yudao-module-ai` 和 `yudao-module-tik` 模块的 `spring-cloud-function-core` 依赖中排除 `bcprov-jdk18on` 和 `bcpkix-jdk18on`。
2026-05-26 22:29:46 +08:00
parent 9397e0f177
commit d5af885ce3
4 changed files with 56 additions and 0 deletions
--- a/yudao-server/pom.xml
+++ b/yudao-server/pom.xml
@@ -153,6 +153,38 @@
                    </execution>
                </executions>
            </plugin>
+            <!-- 防止 BouncyCastle 签名 JAR 进入 fat JAR，导致 JCE 验证失败 -->
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-enforcer-plugin</artifactId>
+                <version>${maven-enforcer-plugin.version}</version>
+                <executions>
+                    <execution>
+                        <id>ban-bouncycastle</id>
+                        <goals>
+                            <goal>enforce</goal>
+                        </goals>
+                        <phase>package</phase>
+                        <configuration>
+                            <rules>
+                                <bannedDependencies>
+                                    <excludes>
+                                        <exclude>org.bouncycastle:bcprov-jdk18on</exclude>
+                                        <exclude>org.bouncycastle:bcpkix-jdk18on</exclude>
+                                        <exclude>org.bouncycastle:bcprov-jdk15on</exclude>
+                                        <exclude>org.bouncycastle:bcpkix-jdk15on</exclude>
+                                    </excludes>
+                                    <message>
+                                        BouncyCastle JAR 是签名的，在 Spring Boot fat JAR 中会导致 JCE 签名验证失败。
+                                        请在对应依赖中添加 exclusion 排除 org.bouncycastle。
+                                    </message>
+                                </bannedDependencies>
+                            </rules>
+                            <fail>true</fail>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
        </plugins>
    </build>