[jira] [Updated] (LANG-1794) JavaDoc for RandomUtils.secure() incorrectly mentions securerandom.strongAlgorithms

[Zhongxin Yan (Jira)]

     [ 
https://issues.apache.org/jira/browse/LANG-1794?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Zhongxin Yan updated LANG-1794:
-------------------------------
    Description: 
 

{{{}RandomUtils.secure(){}}}的当前 JavaDoc 
文档指出，它“使用{{{}securerandom.strongAlgorithms{}}} Security 属性中指定的算法/提供程序”。这具有误导性。

实际上：
 * {{{}RandomUtils.secure(){}}}使用{{{}new SecureRandom() 
{}}}{{{}，{}}}而不{*}参考{*}securerandom.strongAlgorithms属性。{{{}{}}}

 * 
securerandom.strongAlgorithms属性{*}仅由{*}{{{}RandomUtils.secureStrong(){}}}使用，该函数内部调用{{{}SecureRandom.getInstanceStrong(){}}}从已配置的安全提供程序中选择一个强算法。{{{}（{}}}[Github
 PR）|https://github.com/apache/commons-lang/pull/1503]{*}{*} {{{}{}}}{{{}{}}}

!image-2025-11-26-23-02-35-854.png|width=562,height=208!

  was:
 

The current JavaDoc for {{RandomUtils.secure()}} states that it “uses an 
algorithms/providers specified in the {{securerandom.strongAlgorithms}} 
Security property.” This is misleading.

In reality:
 * {{RandomUtils.secure()}} uses {{new SecureRandom()}} and does *not* consult 
the {{securerandom.strongAlgorithms}} property.

 * The {{securerandom.strongAlgorithms}} property is *only used by* 
{{{}RandomUtils.secureStrong(){}}}, which internally calls 
{{SecureRandom.getInstanceStrong()}} to select a strong algorithm from the 
configured security providers
[Github PR|https://github.com/apache/commons-lang/pull/1503]

!image-2025-11-26-23-02-35-854.png|width=562,height=208!


> JavaDoc for RandomUtils.secure() incorrectly mentions 
> securerandom.strongAlgorithms
> -----------------------------------------------------------------------------------
>
>                 Key: LANG-1794
>                 URL: https://issues.apache.org/jira/browse/LANG-1794
>             Project: Commons Lang
>          Issue Type: Bug
>          Components: lang.*
>    Affects Versions: 3.20.0
>            Reporter: Zhongxin Yan
>            Priority: Major
>         Attachments: image-2025-11-26-23-02-17-321.png, 
> image-2025-11-26-23-02-35-854.png
>
>
>  
> {{{}RandomUtils.secure(){}}}的当前 JavaDoc 
> 文档指出，它“使用{{{}securerandom.strongAlgorithms{}}} Security 属性中指定的算法/提供程序”。这具有误导性。
> 实际上：
>  * {{{}RandomUtils.secure(){}}}使用{{{}new SecureRandom() 
> {}}}{{{}，{}}}而不{*}参考{*}securerandom.strongAlgorithms属性。{{{}{}}}
>  * 
> securerandom.strongAlgorithms属性{*}仅由{*}{{{}RandomUtils.secureStrong(){}}}使用，该函数内部调用{{{}SecureRandom.getInstanceStrong(){}}}从已配置的安全提供程序中选择一个强算法。{{{}（{}}}[Github
>  PR）|https://github.com/apache/commons-lang/pull/1503]{*}{*} {{{}{}}}{{{}{}}}
> !image-2025-11-26-23-02-35-854.png|width=562,height=208!



--
This message was sent by Atlassian Jira
(v8.20.10#820010)