JavaServer Faces Validator CAPTCHA Code Example

First Time Here?

Check the BotDetect JSP Captcha Quickstart for key integration steps.

The JSF Validator Captcha code example shows how to integrate BotDetect CAPTCHA validation with standard JavaServer Faces page validation functionality and other validator controls.

Download the BotDetect Java library and run this example

JavaServer Faces 2.0+

Downloaded Location

The JSF 2.0+ Validator CAPTCHA code example is included in the
examples/bdc4-jsf20-validator-captcha-example.war file of the download package. Deploying (unpacking) the file will create a standard JSP directory tree.

Running Example

This example's war file (in BotDetect download package) already embeds all dependencies.

In case you are making this example from scratch in your IDE, you need to ensure botdetect.jar, botdetect-servlet.jar, botdetect-jsp20.jar, and botdetect-jsf20.jar are in the classpath.


<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@taglib prefix="f" uri=""%>
<%@taglib prefix="h" uri=""%>
<%@taglib prefix="botDetect" uri=""%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
      <title>BotDetect Java CAPTCHA Validation: JSF Validator CAPTCHA Code Example</title>
      <link rel="stylesheet" href="stylesheet.css" type="text/css"/>
      <h:form prependId="false" styleClass="column">
        <h1>BotDetect Java CAPTCHA Validation:<br/> JSF Validator CAPTCHA Code Example</h1>
          <legend>Java CAPTCHA Validation</legend>
          <h:outputLabel for="inputName" value="Name:"/>
          <h:inputText id="inputName" validatorMessage="Missing name">
            <f:validateLength minimum="2"/>
          <h:message for="inputName" styleClass="incorrect"/>
          <h:outputLabel for="captchaCode" value="Retype the characters from the picture:"/>
          <!-- Adding BotDetect Captcha to the page -->
          <botDetect:jsfCaptcha id="exampleCaptcha"
                     userInputID="captchaCode" />
          <div class="validationDiv">
            <h:inputText id="captchaCode" value="#{validatorExample.captchaCode}"
                   validatorMessage="Incorrect code">
              <f:validator validatorId="exampleValidator"/>
              <f:attribute name="captchaId" value="exampleCaptcha"/>
            <h:message for="captchaCode" styleClass="incorrect"/>
          <h:commandButton  action="#{validatorExample.submit}" value="Submit"/>
          <h:outputText value="Validation passed." styleClass="correct" rendered="#{validatorExample.validated}"/>

In order to use a custom JSF Validator to validate user Captcha code input, we have to declare a validator of the Captcha code text box (<f:validator validatorId="exampleValidator"/>). Also, we have to add Captcha Id as component's attribute to Captcha code text box (<f:attribute name="captchaId" value="exampleCaptcha"/>).

package com.captcha.botdetect.examples.jsf.validator;

import com.captcha.botdetect.web.servlet.Captcha;
import javax.faces.application.FacesMessage;
import javax.faces.component.UIComponent;
import javax.faces.context.FacesContext;
import javax.faces.validator.FacesValidator;
import javax.faces.validator.Validator;
import javax.faces.validator.ValidatorException;
import javax.servlet.http.HttpServletRequest;

public class ExampleValidator implements Validator {

  public void validate(FacesContext context, UIComponent component, Object value) throws ValidatorException {
    String captchaId = (String) component.getAttributes().get("captchaId");
    HttpServletRequest request = (HttpServletRequest) context.getExternalContext().getRequest();
    // validate the Captcha to check we're not dealing with a bot
    Captcha captcha = Captcha.load(request, captchaId);
    boolean isHuman = captcha.validate((String) value);
    if (!isHuman) {
      FacesMessage message = new FacesMessage();
      throw new ValidatorException(message);


In validate method of the JSF custom validator first we have to obtain Captcha id from component's attributes.

Using Captcha id instantiate Captcha object and validate user input in usual way.

package com.captcha.botdetect.examples.jsf.validator.view;

import javax.faces.bean.ManagedBean;
import javax.faces.bean.RequestScoped;

public class ValidatorExample {
  private String captchaCode;
  private boolean validated;

  public ValidatorExample() {

  public String getCaptchaCode() {
    return captchaCode;

  public void setCaptchaCode(String captchaCode) {
    this.captchaCode = captchaCode;

  public boolean isValidated() {
    return validated;

  public void submit(){
    captchaCode = null;
    validated = true;

Managed bean has no specific BotDetect Captcha code since all validation is done in custom validator. Form's action method submit() is invoked after Captcha validation is passed so property validated (which is used to display message on the form) is set true.


<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi=""
  id="WebApp_ID" version="2.5">




    <servlet-name>Faces Servlet</servlet-name>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-name>Faces Servlet</servlet-name>

    <servlet-name>BotDetect Captcha</servlet-name>
    <servlet-name>BotDetect Captcha</servlet-name>



In WEB-INF/web.xml file we register CaptchaServlet used for BotDetect Captcha requests.

JavaServer Faces 1.2

Downloaded Location

The JSF 1.2 Validator CAPTCHA code example is included in the
examples/bdc4-jsf12-validator-captcha-example.war file of the download package.

Please Note

BotDetect Java Captcha Library v4.0.Beta1 is an in-progress port of BotDetect 4 Captcha, and we need you to guide our efforts towards a polished product. Please let us know if you encounter any bugs, implementation issues, or a usage scenario you would like to discuss.