[
https://issues.apache.org/jira/browse/LANG-1807?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Zhongxin Yan updated LANG-1807:
-------------------------------
Description:
h2. 1. Make private static singleton variables final in RandomUtils
The {{RandomUtils}} class maintains three core singleton instances exposed via
static fields, which are currently missing the {{final}} modifier:
{code:java}
// code placeholder
private static RandomUtils INSECURE = new
RandomUtils(ThreadLocalRandom::current);
private static RandomUtils SECURE = new RandomUtils(SecureRandom::new);
private static RandomUtils SECURE_STRONG = new
RandomUtils(SECURE_STRONG_SUPPLIER); {code}
The cause of the error is similar to that of LANG-1799
h2. 2. Fix Javadoc for {{insecure()}} methods in RandomUtils and
RandomStringUtils
!image-2025-12-22-23-24-49-830.png|width=451,height=147!
The current Javadoc for {{RandomUtils.insecure()}} contains misleading
information:
{code:java}
// code placeholder
"use {@link #secure()} to use an algorithms/providers specified in the {@code
securerandom.strongAlgorithms}" {code}
This is incorrect because the securerandom.strongAlgorithms property is only
used by secureStrong(), which internally relies on
SecureRandom.getInstanceStrong(). The secure() method uses
SecureRandom.SecureRandom() (default algorithm) and has no connection to
securerandom.strongAlgorithms.
[github PR|https://github.com/apache/commons-lang/pull/1539]
was:
h2. 1. Make private static singleton variables final in RandomUtils
The {{RandomUtils}} class maintains three core singleton instances exposed via
static fields, which are currently missing the {{final}} modifier:
{code:java}
// code placeholder
private static RandomUtils INSECURE = new
RandomUtils(ThreadLocalRandom::current);
private static RandomUtils SECURE = new RandomUtils(SecureRandom::new);
private static RandomUtils SECURE_STRONG = new
RandomUtils(SECURE_STRONG_SUPPLIER); {code}
The cause of the error is similar to that of LANG-1799
h2. 2. Fix Javadoc for {{insecure()}} methods in RandomUtils and
RandomStringUtils
!image-2025-12-22-23-24-49-830.png|width=451,height=147!
The current Javadoc for {{RandomUtils.insecure()}} contains misleading
information:
{code:java}
// code placeholder
"use {@link #secure()} to use an algorithms/providers specified in the {@code
securerandom.strongAlgorithms}" {code}
This is incorrect because the securerandom.strongAlgorithms property is only
used by secureStrong(), which internally relies on
SecureRandom.getInstanceStrong(). The secure() method uses
SecureRandom.SecureRandom() (default algorithm) and has no connection to
securerandom.strongAlgorithms.
> Make private static variables final in RandomUtils and fix the Javadoc for
> the insecure() methods in both RandomUtils and RandomStringUtils
> -------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: LANG-1807
> URL: https://issues.apache.org/jira/browse/LANG-1807
> Project: Commons Lang
> Issue Type: Bug
> Components: lang.*
> Affects Versions: 3.20.0
> Reporter: Zhongxin Yan
> Priority: Major
> Attachments: image-2025-12-22-23-24-49-830.png
>
>
> h2. 1. Make private static singleton variables final in RandomUtils
> The {{RandomUtils}} class maintains three core singleton instances exposed
> via static fields, which are currently missing the {{final}} modifier:
> {code:java}
> // code placeholder
> private static RandomUtils INSECURE = new
> RandomUtils(ThreadLocalRandom::current);
> private static RandomUtils SECURE = new RandomUtils(SecureRandom::new);
> private static RandomUtils SECURE_STRONG = new
> RandomUtils(SECURE_STRONG_SUPPLIER); {code}
> The cause of the error is similar to that of LANG-1799
>
> h2. 2. Fix Javadoc for {{insecure()}} methods in RandomUtils and
> RandomStringUtils
> !image-2025-12-22-23-24-49-830.png|width=451,height=147!
> The current Javadoc for {{RandomUtils.insecure()}} contains misleading
> information:
> {code:java}
> // code placeholder
> "use {@link #secure()} to use an algorithms/providers specified in the {@code
> securerandom.strongAlgorithms}" {code}
> This is incorrect because the securerandom.strongAlgorithms property is only
> used by secureStrong(), which internally relies on
> SecureRandom.getInstanceStrong(). The secure() method uses
> SecureRandom.SecureRandom() (default algorithm) and has no connection to
> securerandom.strongAlgorithms.
> [github PR|https://github.com/apache/commons-lang/pull/1539]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
