How to reCAPTCHA your Java application
reCAPTCHA is a novel CAPTCHA system developed by the School of
Computer Science at my alma mater, Carnegie Mellon University. I won’t
explain its coolness here since they do a good job of explaining that coolness themselves.
What I will do here, though, is explain how to get your Java app
reCAPTCHAed very quickly. Note however that reCAPTCHA is not tied
specifically to Java.
In this tutorial I’m using Spring 2.5 MVC with annotations, and
Commons Validator, but you’ll be able to follow this whether or not
you’re using Spring and Validator.
These instructions are based on the instructions from the reCAPTCHA site,
but I’m focusing specifically on Java integration whereas the site
makes you dig around a bit to get the information. Not too bad, but
enough that there’s value in my writing a Java-specific tutorial.
Step 1. Get your account and key pair
First, go to the reCAPTCHA web site
and create an account. As part of that account creation process you’ll
have to specify the domain your reCAPTCHA will be protecting. The
reCAPTCHA site will will give you a key pair for that domain. The key
pair allows you to authenticate your reCAPTCHA requests to the reCAPTCHA
servers, as we’ll see.
Step 2. Put the reCAPTCHA JavaScript in your app’s form
Here’s the JavaScript you need to put in your form, meaning in between the <form> and </form> tags. Put it wherever you would have normally put a CAPTCHA text box. This JavaScript will generate the reCAPTCHA box when users request the page:================================================================
<script type="text/javascript"
src="http://api.recaptcha.net/challenge?k=<your_public_key>">
</script>
<noscript>
<iframe src="http://api.recaptcha.net/noscript?k=<your_public_key>"
height="300" width="500" frameborder="0"></iframe><br>
<textarea name="recaptcha_challenge_field" rows="3" cols="40">
</textarea>
<input type="hidden" name="recaptcha_response_field"
value="manual_challenge">
</noscript>
================================================================
It probably goes without saying, but I’ll say it anyway: you need to
replace the two instances of <your_public_key> with the public key
that you received during the account creation process. Be careful that
you don’t use your private key by mistake. If you do that then everybody
will be able to see your private key and act like they’re you.
Step 3. Run your app and make sure the reCAPTCHA is showing up
You should see it there in your form. It’s OK if you are coming from
localhost or 127.0.0.1
instead of the domain that you specified in the account creation step;
reCAPTCHA will allow that. You should be able to click the buttons on
the reCAPTCHA box and they should work.
After you goof around with that a bit, you’ll need to update your app
itself so that it actually uses the reCAPTCHA box to validate the form
submission.
Let’s turn now to the Java piece, where we validate the form and reCAPTCHA.
