CAPTCHA Code Filtering Java Code Example

The Java Captcha customization code example shows how to customize BotDetect Java Captcha behavior and appearance.

First Time Here?

Check the BotDetect JSP Captcha Quickstart for key integration steps.

You can define rules about character sequences you want to avoid using in randomly generated CAPTCHA codes and simply pass them to the Captcha library.

In the web.xml standard deployment descriptor file we set <context-param> named LBD_bannedSequences which value consists of two and three characters sequences that should not be generated by Captcha. Additionally, in order to make code filtering effect in this example more apparent we reduced default character set by declaring all characters except 'A', 'B' and 'C' as banned sequences. Sequences must be separated by comma.

Downloaded Location

The CAPTCHA Code Filtering Java Example is included in examples folder of the download package as bdc3-captcha-code-filtering-example.war file. Deploying (unpacking) the file will create a standard JSP directory tree.

index.jsp

<%@page import="botdetect.CodeStyle"%>
<%@page import="botdetect.web.Captcha"%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>BotDetect CAPTCHA Code Filtering Example</title>
    <link rel="stylesheet" href="stylesheet.css" type="text/css"/>
  </head>
  <body>
    <form action="index.jsp" method="post">
      <h1>BotDetect CAPTCHA Code Filtering Example</h1>
      <fieldset>
        <legend>CAPTCHA Validation</legend>
        <label for="captchaCodeTextBox" class="prompt">
          Retype the code from the picture:</label>
        <%
        // Adding BotDetect Captcha to the page
        Captcha captcha = Captcha.load(request, "filteredCaptcha");
        captcha.setCodeStyle(CodeStyle.ALPHA);
        captcha.setCodeLength(4);
        captcha.renderCaptchaMarkup(pageContext.getServletContext(), 
            pageContext.getOut());
        %>
        <div class="validationDiv">
          <input id="captchaCodeTextBox" type="text" 
              name="captchaCodeTextBox" />
          <input type="submit" name="validate" value="Validate" />&nbsp;
          <%
          if("POST".equalsIgnoreCase(request.getMethod())){
            // validate the Captcha to check we're not dealing with a bot
            boolean isHuman = captcha.validate(request, 
                request.getParameter("captchaCodeTextBox"));
            if (isHuman) {
              // Captcha validation passed, perform protected action
              out.print("<span class=\"correct\">Correct.</span>");
            } else {
              // Captcha validation failed, show error message
              out.print("<span class=\"incorrect\">Incorrect!</span>");
            }
          }
          %>
        </div>
      </fieldset>
    </form>
  </body>
</html>

In the form source, we follow the standard procedure for adding Captcha protection to a JSP form but we set code style to alpha characters only and reduce code length to 4 characters.

web.xml

<?xml version="1.0" encoding="UTF-8"?>

<web-app xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
    http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    version="3.0">
  <session-config>
    <session-timeout>
      30
    </session-timeout>
  </session-config>
  <servlet>
    <servlet-name>BotDetect Captcha</servlet-name>
    <servlet-class>botdetect.web.http.CaptchaServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>BotDetect Captcha</servlet-name>
    <url-pattern>/botdetectcaptcha</url-pattern>
  </servlet-mapping>
  <context-param>
    <param-name>LBD_helpLinkMode</param-name>
    <param-value>image</param-value>
  </context-param>
  <context-param>
    <param-name>LBD_bannedSequences</param-name>
    <param-value>
      D,E,H,J,K,M,N,O,P,R,S,T,U,V,W,X,Y,Z,
      AA,BB,CC,
      ABC,BCA,CAB
    </param-value>
  </context-param>
</web-app>

Beside register CaptchaServlet in the WEB-INF/web.xml file we declare <context-param> tag with banned character sequences. This setting is global on application level and, contrary to other context params, cannot be overridden by Captcha custom tag attribute nor dynamically changed for a single Captcha instance.

Please Note

BotDetect Java Captcha Library v4.0.Beta3 is an in-progress port of BotDetect 4 Captcha, and we need you to guide our efforts towards a polished product. Please let us know if you encounter any bugs, implementation issues, or a usage scenario you would like to discuss.