(wicket) branch master updated: WICKET-7174: DefaultSecureRandomSupplier does not work for FIPS (#1361)

[mgrigorov]

This is an automated email from the ASF dual-hosted git repository.

mgrigorov pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/wicket.git


The following commit(s) were added to refs/heads/master by this push:
     new 5710d7d276 WICKET-7174: DefaultSecureRandomSupplier does not work for 
FIPS (#1361)
5710d7d276 is described below

commit 5710d7d276bb0a407dbf592dfe666612b4272282
Author: Martin Grigorov <marti...@users.noreply.github.com>
AuthorDate: Tue Jan 27 08:50:03 2026 +0200

    WICKET-7174: DefaultSecureRandomSupplier does not work for FIPS (#1361)
    
    1. Lazy load DefaultSecureRandomSupplier in SecuritySettings.java
    2. Lazy load `SecureRandom.getInstance("SHA1PRNG")` in
    DefaultSecureRandomSupplier.java
---
 .../core/random/DefaultSecureRandomSupplier.java    | 21 +++++++++++----------
 .../apache/wicket/settings/SecuritySettings.java    |  6 +++++-
 2 files changed, 16 insertions(+), 11 deletions(-)

diff --git 
a/wicket-core/src/main/java/org/apache/wicket/core/random/DefaultSecureRandomSupplier.java
 
b/wicket-core/src/main/java/org/apache/wicket/core/random/DefaultSecureRandomSupplier.java
index b8168b35de..42e12ea6dd 100644
--- 
a/wicket-core/src/main/java/org/apache/wicket/core/random/DefaultSecureRandomSupplier.java
+++ 
b/wicket-core/src/main/java/org/apache/wicket/core/random/DefaultSecureRandomSupplier.java
@@ -32,23 +32,24 @@ import org.apache.wicket.WicketRuntimeException;
  */
 public class DefaultSecureRandomSupplier implements ISecureRandomSupplier
 {
-       private SecureRandom random;
-
-       public DefaultSecureRandomSupplier()
+       private static final class Holder
        {
-               try
-               {
-                       random = SecureRandom.getInstance("SHA1PRNG");
-               }
-               catch (NoSuchAlgorithmException e)
+               private static final SecureRandom INSTANCE;
+
+               static
                {
-                       throw new WicketRuntimeException(e);
+                       try
+                       {
+                               INSTANCE = SecureRandom.getInstance("SHA1PRNG");
+                       } catch (NoSuchAlgorithmException e) {
+                               throw new WicketRuntimeException(e);
+                       }
                }
        }
 
        @Override
        public SecureRandom getRandom()
        {
-               return random;
+               return Holder.INSTANCE;
        }
 }
diff --git 
a/wicket-core/src/main/java/org/apache/wicket/settings/SecuritySettings.java 
b/wicket-core/src/main/java/org/apache/wicket/settings/SecuritySettings.java
index 1c55aadadf..fdd9782538 100644
--- a/wicket-core/src/main/java/org/apache/wicket/settings/SecuritySettings.java
+++ b/wicket-core/src/main/java/org/apache/wicket/settings/SecuritySettings.java
@@ -59,7 +59,7 @@ public class SecuritySettings
        private ICryptFactory cryptFactory;
 
        /** supplier of random data and SecureRandom */
-       private ISecureRandomSupplier randomSupplier = new 
DefaultSecureRandomSupplier();
+       private ISecureRandomSupplier randomSupplier;
 
        /**
         * Whether mounts should be enforced. If {@code true}, requests for a 
page will be
@@ -139,6 +139,10 @@ public class SecuritySettings
         */
        public ISecureRandomSupplier getRandomSupplier()
        {
+               if (randomSupplier == null)
+               {
+                       randomSupplier = new DefaultSecureRandomSupplier();
+               }
                return randomSupplier;
        }