Add a secure random string generator for par

wso2 · Jan 9, 2025 · 1afb45c · 1afb45c
1 parent 189576d
commit 1afb45c
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/...o2/openbanking/accelerator/push/authorization/endpoint/api/PushAuthorisationEndpoint.java b/...o2/openbanking/accelerator/push/authorization/endpoint/api/PushAuthorisationEndpoint.java
@@ -37,6 +37,7 @@
 import org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext;
 import org.wso2.carbon.identity.oauth2.model.OAuth2Parameters;
 
+import java.security.SecureRandom;
 import java.time.Instant;
 import java.util.List;
 import java.util.Map;
@@ -122,8 +123,9 @@ public Response parPost(@Context HttpServletRequest request, @Context HttpServle
             requestJWT = paramMap.get(REQUEST).toString();
         }
 
-        // Generate a urn with cryptographically strong pseudo random algorithm
-        String urn = RandomStringUtils.randomAlphanumeric(32);
+        // Generates a "secure" random string with 32 characters only using alphanumeric characters.
+        String urn = RandomStringUtils.random(32, 0, 0, true, true, null,
+                new SecureRandom());
 
         OpenBankingConfigurationService openBankingConfigurationService = getOBConfigService();