Package org.forgerock.openig.util
Class Randoms
- java.lang.Object
-
- org.forgerock.openig.util.Randoms
-
public final class Randoms extends Object
TheRandomsutility class offers methods to generate random values.It provides both implementation method(s) and functional interface(s) so that it's easy, in the code, to convey the meaning that random values with specific constraints are required.
In other words, a method can indicate it needs a random value to be used in a URL by having a dependency on
Randoms.UrlFriendlyRandomStringGenerator. Example:private URI addNonceToUri(final URI original, final UrlFriendlyRandomStringGenerator generator) { ... }From a usage perspective, a simple method reference can be used to provide the generator function:
URI modified = addNonceToUri(uri, Randoms::generateSecureRandomValue)
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static interfaceRandoms.UrlFriendlyRandomStringGeneratorGenerates a random value (cryptographically secure) that can be used in a query parameter value.
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static StringgenerateSecureRandomValue()Returns a cryptographically-secure random value (nevernull).static StringgenerateSessionId()Returns a cryptographically-secure random value usable as session identifier.
-
-
-
Method Detail
-
generateSecureRandomValue
public static String generateSecureRandomValue()
Returns a cryptographically-secure random value (nevernull).The generated value is URL query parameter friendly (base 36: [0-9] + [a-z]).
- Returns:
- a cryptographically-secure random value (never
null).
-
generateSessionId
public static String generateSessionId()
Returns a cryptographically-secure random value usable as session identifier. (nevernull).The generated value is base64 encoded.
- Returns:
- a cryptographically-secure random value (never
null). - See Also:
- OWASP considers a 128 bit long random value as secure enough against brute force attacks
-
-