How to configure JCaptcha with your Spring App

      5 Comments on How to configure JCaptcha with your Spring App

Update: 03/17/2009: This code example uses JCaptcha 1.0-RC6 . The latest version released on 02/04/2009 is JCaptcha 1.0. If you use JCaptcha 1.0 then you might have to make some changes to the code given in this example.

This is how I setup JCaptcha in my application. Following code snippet is for the test page I have created to test the JCaptcha and Spring integration

captchademoscreen

1) First create a controller which will generate a new Captcha for each session based on session id

package com.example.web.controller;

import java.awt.image.BufferedImage;
import java.io.ByteArrayOutputStream;
import java.util.Map;

import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.validation.BindException;
import org.springframework.web.servlet.ModelAndView;

import com.octo.captcha.service.CaptchaServiceException;
import com.octo.captcha.service.image.ImageCaptchaService;
import com.sun.image.codec.jpeg.JPEGCodec;
import com.sun.image.codec.jpeg.JPEGImageEncoder;
import com.example.domain.LoginCommand;
import com.example.logger.LoginLogger;

public class CaptchaController extends LoginBaseController {

    public CaptchaController(){
        setCommandClass(LoginCommand.class);
    }

    @Override
    protected ModelAndView showForm(HttpServletRequest request, HttpServletResponse response, BindException errors,
            Map controlModel) throws Exception {

         byte[] captchaChallengeAsJpeg = null;
           // the output stream to render the captcha image as jpeg into
            ByteArrayOutputStream jpegOutputStream = new ByteArrayOutputStream();
            try {
            // get the session id that will identify the generated captcha.
            //the same id must be used to validate the response, the session id is a good candidate!

            String captchaId = request.getSession().getId();
            LoginLogger.debug(this, "Captcha ID which gave the image::" + captchaId);
            // call the ImageCaptchaService getChallenge method
                BufferedImage challenge = ((ImageCaptchaService)getCaptchaService()).getImageChallengeForID(captchaId, request.getLocale());

                // a jpeg encoder
                JPEGImageEncoder jpegEncoder =
                        JPEGCodec.createJPEGEncoder(jpegOutputStream);
                jpegEncoder.encode(challenge);
            } catch (IllegalArgumentException e) {
                response.sendError(HttpServletResponse.SC_NOT_FOUND);
                return null;
            } catch (CaptchaServiceException e) {
                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                return null;
            }

            captchaChallengeAsJpeg = jpegOutputStream.toByteArray();

            // flush it in the response
            response.setHeader("Cache-Control", "no-store");
            response.setHeader("Pragma", "no-cache");
            response.setDateHeader("Expires", 0);
            //response.setContentType("image/jpeg");
//            response.getOutputStream().write(jpegOutputStream);
            ServletOutputStream responseOutputStream =
                response.getOutputStream();
            responseOutputStream.write(captchaChallengeAsJpeg);
            responseOutputStream.flush();
            responseOutputStream.close();

        return null;
    }

}

Please note that your implementation can vary. The only thing you want is a simple Servlet which will execute the code in showForm method above. In my case I am relying on Spring framework to execute this code because in the JSP where you show Captcha image I have written something like this
<img id=”captchaImage” src=”http://localhost:8080/LoginApplication/captcha.htm”>. In my application the URL captcha.htm is wired to this controller. But you can choose to have a simple servlet mapped instead of a Spring Controller.

2) Make the following entries in your Spring config files to configure JCaptcha

<!-- Captcha Related Mappings -->
 <bean id="captchaController"
 class="com.example.web.controller.CaptchaController">
<property name="captchaService" ref="captchaService" />
 </bean>

 <bean id="imageEngine" class="com.octo.captcha.engine.GenericCaptchaEngine">
 <constructor-arg index="0">
 <list>
 <ref bean="CaptchaFactory"/>
 </list>
 </constructor-arg>
 </bean>

 <bean id="CaptchaFactory" class="com.octo.captcha.image.gimpy.GimpyFactory" >
 <constructor-arg><ref bean="wordgen"/></constructor-arg>
 <constructor-arg><ref bean="wordtoimage"/></constructor-arg>
 </bean>

 <bean id="wordgen" class= "com.octo.captcha.component.word.wordgenerator.DictionaryWordGenerator" >
 <constructor-arg><ref bean="filedict"/></constructor-arg>
 </bean>

 <bean id="filedict" class="com.octo.captcha.component.word.FileDictionary" >
 <constructor-arg index="0"><value>toddlist</value></constructor-arg>
 </bean>

 <bean id="wordtoimage" class="com.octo.captcha.component.image.wordtoimage.ComposedWordToImage" >
 <constructor-arg index="0"><ref bean="fontGenRandom"/></constructor-arg>
 <constructor-arg index="1"><ref bean="backGenUni"/></constructor-arg>
 <constructor-arg index="2"><ref bean="simpleWhitePaster"/></constructor-arg>
 </bean>

 <bean id="fontGenRandom" class="com.octo.captcha.component.image.fontgenerator.RandomFontGenerator" >
 <constructor-arg index="0"><value>40</value></constructor-arg>
 <constructor-arg index="1"><value>50</value></constructor-arg>
 <constructor-arg index="2">
 <list>
 <ref bean="fontArial"/>
 </list>
 </constructor-arg>
 </bean>

 <bean id="fontArial" class="java.awt.Font" >
 <constructor-arg index="0"><value>Arial</value></constructor-arg>
 <constructor-arg index="1"><value>0</value></constructor-arg>
 <constructor-arg index="2"><value>10</value></constructor-arg>
 </bean>

 <bean id="backGenUni" class="com.octo.captcha.component.image.backgroundgenerator.UniColorBackgroundGenerator" >
 <constructor-arg index="0"><value>300</value></constructor-arg>
 <constructor-arg index="1"><value>100</value></constructor-arg>
 </bean>

 <bean id="simpleWhitePaster" class="com.octo.captcha.component.image.textpaster.SimpleTextPaster" >
 <constructor-arg type="java.lang.Integer" index="0">
 <value>3</value>
 </constructor-arg>
 <constructor-arg type="java.lang.Integer" index="1">
 <value>5</value>
 </constructor-arg>
 <constructor-arg type="java.awt.Color" index="2">
 <ref bean="colorBlack"/>
 </constructor-arg>
 </bean>

 <bean id="colorGreen" class="java.awt.Color" >
 <constructor-arg index="0"><value>0</value></constructor-arg>
 <constructor-arg index="1"><value>255</value></constructor-arg>
 <constructor-arg index="2"><value>0</value></constructor-arg>
 </bean>

 <bean id="colorBlack" class="java.awt.Color" >
 <constructor-arg index="0"><value>0</value></constructor-arg>
 <constructor-arg index="1"><value>0</value></constructor-arg>
 <constructor-arg index="2"><value>0</value></constructor-arg>
 </bean>

 <bean id="captchaService" class="com.octo.captcha.service.multitype.GenericManageableCaptchaService">
 <constructor-arg index="0"><ref bean="imageEngine"/></constructor-arg>
 <constructor-arg index="1"><value>180</value></constructor-arg>
 <constructor-arg index="2"><value>180000</value></constructor-arg>
 </bean>

For test purpose I have used a Simple Text Captcha.

3) To test create a command,controller and JSP like this

public class LoginCommand implements Serializable {
    private String verificationTextForForgotPass;
    //getter and setter methods
}
package com.example.web.controller;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.validation.BindException;
import org.springframework.web.servlet.ModelAndView;

import com.octo.captcha.service.CaptchaServiceException;
import com.example.domain.LoginCommand;

public class CaptchaDemoController extends LoginBaseController {
	private CaptchaService captchaService;
	//Getter and setter for captchaService

    public CaptchaDemoController() {
        setCommandClass(LoginCommand.class);
    }

    @Override
    protected Object formBackingObject(HttpServletRequest request) throws Exception {
        LoginCommand command = new LoginCommand();

        return command;
    }

    @Override
    protected ModelAndView processFormSubmission(HttpServletRequest request, HttpServletResponse response,
            Object command, BindException errors) throws Exception {
        boolean isResponseCorrect = false;
        String sessionId = request.getSession().getId();
        //retrieve the response
        String verificationText = ((LoginCommand) command).getVerificationTextForForgotPass();

        // Call the Service method
        try {
            isResponseCorrect = getCaptchaService().validateResponseForID(sessionId, verificationText);
        }
        catch (CaptchaServiceException e) {
            //should not happen, may be thrown if the id is not valid
        }

		//You can do whatever you want to based on the response
        response.getWriter().write(String.valueOf(isResponseCorrect));

        return null;
    }
}
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>

<head>
 <title>Captcha Demo</title>
</head>

As you can see the JSP will just show one Captcha Image and a text box where you can enter the Image text. The controller will verify the entered text and display true or false based on the result. You can implement your logic here for the Captcha verification result.

4) Finally make the following entries in your corresponding spring config file

<beans>
 <bean class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
 <property name="mappings">
 <props>
 <prop key="/captchaDemo.htm">captchaDemoController</prop>
 <prop key="/captcha.htm">captchaController</prop>
 </props>
 </property>
 </bean>
</beans>
<bean id="captchaDemoView" parent="baseView">
 <property name="url" value="/WEB-INF/jsp/captchaDemo.jsp"/>
 </bean>
<bean id="captchaDemoController" class="com.example.web.controller.CaptchaDemoController">
 <property name="formView" value="captchaDemoView"/>
 <property name="successView" value="captchaDemoView"></property>
 <property name="captchaService" ref="captchaService" />
</bean>

Oops I forgot to mention, you should have JCaptcha jars in your classpath for this example to work 😉
I have written this post using the working code I have. I might have missed some configuration in this post. Let me know if you get any error. I will update the post.

5 thoughts on “How to configure JCaptcha with your Spring App

  1. Alice

    Hi Paras,

    Your tutorial is great, I could make with it Captcha in Spring inspite of that I am new in that area!

    But I have an error.

    At me happens, what shouldn’t happen 🙂 : The Catcha servlet
    get an other sessionId as my “main” servlet, and so the response is not correct.

    I think I haven’t configured something and that’s why don’t work it.

    Could you help me, what’s my error?

    Thank you in anticipation

    Alice

    I attach the relevant sources form my project and a logfile.

    http://www.mediafire.com/download.php?mcj0otyilod

    http://www.mediafire.com/download.php?zeiix2efqzw

    Reply
  2. Alice

    Hello Paras, Hello Everebody,

    Thank you very much for your incredibly rush and effective help. It was very kind of you!

    Paras responses me per mail in a half an hour and hereby I could idenetify my problem.

    The symptom is the following:

    The sessionId problem is occurs just if I use stand alone Tomcat (Vers 6.0)!!

    If I run my project under Eclipse plugged Tomcat the two session (and the ID) is identical, and the response controll is Ok.

    I suppuse that is a configuration problem in my project but I don’t know what.

    If you , or somebody else has a suggestion it would be nice!

    Thank you in anticipation

    Alice

    Reply
  3. hadi

    Hi to all 🙁
    i cant run this project. when i run it appear this error HTTP Status 404 – /JCapatcha/
    please help me.
    Thanks.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *