The javadoc does not say anything so there is no reason it would return a string with at least one digit, lowercase and uppercase.
You could keep generating passwords until you get what you want, for example:
String pass;
do {
pass = randomAlphanumeric(10);
} while (!pass.matches(".*(?=.*\\d)(?=.*[a-z])(?=.*[A-Z]).*"));
The regex is adapted from this answer.