Adding a captcha (with reCAPTCHA)

Skip to end of metadata
Go to start of metadata

A captcha is an image with some modified text on it. They're usually used to prevent automated scripts from accessing certain parts of your site. For example, you'd add a captcha on a wiki edit page or a forum reply page so a spammer doesn't make a bunch of fake content on your site. You can find a detailed explanation and screenshots here: http://en.wikipedia.org/wiki/Captcha.

This page will teach you how to add a captcha to your site by using reCAPTCHA. reCAPTCHA is a free (and ad-free) widget that will generate captchas for you.

First things first; you will need to sign up for a reCAPTCHA account. Don't worry, this is very straightforward. Sign up for an account here: http://recaptcha.net/whyrecaptcha.html. After you sign up, you will be given a public and a private key. Write these down because you'll need them later.

The second thing you'll want to do is download a reCAPTCHA library that simplifies using the reCAPTCHA API in java. You can download that here: http://code.google.com/p/recaptcha/downloads/list. Download the zip that says "for Java". Extract the jar and put it in your classpath.

Now for some code. Add this to your ActionBean:

public String getReCaptchaHtml() {
    ReCaptcha recaptcha = createReCaptcha();
    return recaptcha.createRecaptchaHtml("You did not type the captcha correctly", new Properties());
}

private ReCaptcha createReCaptcha() {
    String publicKey = //your public key
    String privateKey = //your private key
    return ReCaptchaFactory.newReCaptcha(publicKey, privateKey, true);
}

With this, we can add the reCAPTCHA widget to our JSP like so:

${actionBean.reCaptchaHtml}

But one thing remains: We don't have a way to tell if the user submitted the correct value. Lets assume the method that gets called on submit is named "submit". Here's how you would add a validation method that ensures that the captcha code was entered correctly:

@ValidationMethod(on = "submit")
public void captchaValidation(ValidationErrors errors) {
    ReCaptchaResponse response = createReCaptcha().checkAnswer(context.getRequest().getRemoteAddr(),
            context.getRequest().getParameter("recaptcha_challenge_field"),
            context.getRequest().getParameter("recaptcha_response_field"));
    if (!response.isValid()) {
        errors.add("Captcha", new SimpleError("You didn't type the captcha correctly!"));
    }
}

This will give you a completely functional captcha.

Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.