JavaServer Pages CAPTCHA Tag Code Example

The JSP Captcha Tag code example shows the most basic source code required to protect a JavaServer Pages form with BotDetect CAPTCHA's custom tag and validate the user input.

It can be used as a starting point when you are first learning how to use BotDetect.

Downloaded Location

The JSP Basic CAPTCHA Example is included in examples folder of the download package as bdc3-jsp-captcha-tag-example.war file. Deploying (unpacking) the file will create a standard JSP directory tree.

• index.jsp
• WEB-INF/src/botdetect/examples/jsp/tag/CaptchaTagAction.java

index.jsp

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@taglib prefix="botDetect" uri="botDetect"%>
<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>BotDetect CAPTCHA Tag Example</title>
    <link rel="stylesheet" href="stylesheet.css" type="text/css"/>
  </head>
  <body>
    <form action="captchaTagAction" method="post">
      <h1>BotDetect CAPTCHA Tag Example</h1>
      <fieldset>
        <legend>CAPTCHA Validation</legend>
        <label for="captchaCode" class="prompt">
            Retype the code from the picture:</label>
        <!-- Adding BotDetect Captcha to the page -->
        <botDetect:captcha id="exampleCaptchaTag"
            userInputClientId="captchaCode" />
        <div class="validationDiv">
          <input id="captchaCode" type="text" name="captchaCode" />
          <input type="submit" name="validate" value="Validate" />&nbsp;
          <span class="correct">${messages.captchaCodeCorrect}</span>
          <span class="incorrect">${messages.captchaCodeIncorrect}</span>
        </div>
      </fieldset>
    </form>
  </body>
</html>

Upon form submission CAPTCHA validation is performed in CaptchaActionTag servlet and result is forwarded back to the initial form.

[back to the top of the page]

CaptchaTagAction.java

package botdetect.examples.jsp.tag;

import botdetect.web.Captcha;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class CaptchaTagAction extends HttpServlet {

  @Override
  protected void doPost(HttpServletRequest request, 
      HttpServletResponse response) throws ServletException, IOException {

    if(request.getParameter("validate") != null){
      Map<String, String> messages = new HashMap<String, String>();
      request.setAttribute("messages", messages);
      // validate the Captcha to check we're not dealing with a bot
      Captcha captcha = Captcha.load(request, "exampleCaptchaTag");
      boolean isHuman = captcha.validate(request,
          request.getParameter("captchaCode"));
      if (isHuman) {
        // Captcha validation passed, perform protected action
        messages.put("captchaCodeCorrect", "Correct!");
      } else {
        // Captcha validation failed, show error message
        messages.put("captchaCodeIncorrect", "Incorrect!");
      }
    }

    RequestDispatcher dispatcher = 
      getServletContext().getRequestDispatcher("/index.jsp");
    dispatcher.forward(request, response);
  }

}

To perform CAPTCHA validation we have to initialize Captcha object with the same id as was used on the submitted form, and validate user input from corresponding user input client.The validation result is then forwarded to the form for display.

[back to the top of the page]

To run this example, botdetect.jar must be in the classpath.