This is an automated email from the ASF dual-hosted git repository. mgrigorov pushed a commit to branch WICKET-7174-lazy-load-SecureRandom in repository https://gitbox.apache.org/repos/asf/wicket.git
commit 8dd87f93d6d8a5fb39ffa45c89cde2b0d5d30530 Author: Martin Tzvetanov Grigorov <[email protected]> AuthorDate: Mon Jan 26 15:02:08 2026 +0200 WICKET-7174: DefaultSecureRandomSupplier does not work for FIPS 1. Lazy load DefaultSecureRandomSupplier in SecuritySettings.java 2. Lazy load `SecureRandom.getInstance("SHA1PRNG")` in DefaultSecureRandomSupplier.java --- .../core/random/DefaultSecureRandomSupplier.java | 21 +++++++++++---------- .../apache/wicket/settings/SecuritySettings.java | 6 +++++- 2 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/wicket-core/src/main/java/org/apache/wicket/core/random/DefaultSecureRandomSupplier.java b/wicket-core/src/main/java/org/apache/wicket/core/random/DefaultSecureRandomSupplier.java
index b8168b35de..42e12ea6dd 100644
--- a/wicket-core/src/main/java/org/apache/wicket/core/random/DefaultSecureRandomSupplier.java
+++ b/wicket-core/src/main/java/org/apache/wicket/core/random/DefaultSecureRandomSupplier.java
@@ -32,23 +32,24 @@ import org.apache.wicket.WicketRuntimeException; */ public class DefaultSecureRandomSupplier implements ISecureRandomSupplier { - private SecureRandom random; - - public DefaultSecureRandomSupplier() + private static final class Holder { - try - { - random = SecureRandom.getInstance("SHA1PRNG"); - } - catch (NoSuchAlgorithmException e) + private static final SecureRandom INSTANCE; + + static { - throw new WicketRuntimeException(e); + try + { + INSTANCE = SecureRandom.getInstance("SHA1PRNG"); + } catch (NoSuchAlgorithmException e) { + throw new WicketRuntimeException(e); + } } } @Override public SecureRandom getRandom() { - return random; + return Holder.INSTANCE; } }
diff --git a/wicket-core/src/main/java/org/apache/wicket/settings/SecuritySettings.java b/wicket-core/src/main/java/org/apache/wicket/settings/SecuritySettings.java
index 1c55aadadf..fdd9782538 100644
--- a/wicket-core/src/main/java/org/apache/wicket/settings/SecuritySettings.java
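Review bot: The `throw new WicketRuntimeException(e)` inside `Holder`'s static initializer in DefaultSecureRandomSupplier.java will not reach callers as that type. An exception thrown from a static initializer surfaces from the first `getRandom()` call as `ExceptionInInitializerError`, and later calls fail with `NoClassDefFoundError` for `Holder`, so code that used to catch `WicketRuntimeException` from the constructor now sees an `Error`. Where SHA1PRNG is unavailable (the FIPS case named in the commit title) the failure is only deferred to first use, so the class Javadoc should say so, e.g. `SHA1PRNG is resolved on the first call to getRandom(); deployments without it must configure their own ISecureRandomSupplier`. The holder also makes a single `SecureRandom` shared by every supplier instance loaded by the same class loader, where each instance previously had its own; that is worth stating in the same comment.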
+++ b/wicket-core/src/main/java/org/apache/wicket/settings/SecuritySettings.java
@@ -59,7 +59,7 @@ public class SecuritySettings private ICryptFactory cryptFactory; /** supplier of random data and SecureRandom */ - private ISecureRandomSupplier randomSupplier = new DefaultSecureRandomSupplier(); + private ISecureRandomSupplier randomSupplier; /** * Whether mounts should be enforced. If {@code true}, requests for a page will be
@@ -139,6 +139,10 @@ public class SecuritySettings */ public ISecureRandomSupplier getRandomSupplier() { + if (randomSupplier == null) + { + randomSupplier = new DefaultSecureRandomSupplier(); + } return randomSupplier; }
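Review bot: The null check added to `getRandomSupplier()` is an unsynchronised check-then-act on the plain field `randomSupplier`, so concurrent first callers can each construct a `DefaultSecureRandomSupplier` and briefly hold different supplier objects. With the static `Holder` from this commit they all return the same `SecureRandom`, so this looks harmless today, but the getter now depends on that detail and a short comment should say so. The method's Javadoc starts outside the hunk; it should gain a line such as `@return the configured supplier, or a lazily created DefaultSecureRandomSupplier if none has been set`. If a setter exists (not visible in this diff) and accepts `null`, the getter now silently falls back to the SHA1PRNG default, which is the behaviour FIPS deployments are trying to avoid, so a `null` argument there should probably be rejected.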
