Protecting your JSP forms with BotDetect Java Captcha requires a few steps, outlined on this page. Displaying the Captcha challenge can be as simple as:
<%
// Adding BotDetect Captcha to the page
Captcha captcha = Captcha.load(request, "exampleCaptcha");
captcha.setUserInputID("captchaCode");
String captchaHtml = captcha.getHtml();
out.write(captchaHtml);
%>
<input id="captchaCode" type="text" name="captchaCode" />
and checking user input when the form is submitted:
boolean isHuman = captcha.validate(request.getParameter("captchaCode"));
You can also see how BotDetect Captcha protection has been added to various kinds of JSP forms and projects by running the BotDetect Captcha JSP integration code examples coming with the BotDetect installation. You can also reuse the code example source code that fits your requirements.
CAPTCHA Integration Steps
To add BotDetect Captcha protection to a JSP application:
Add BotDetect Java CAPTCHA Library Dependency
Here is how to add BotDetect Java CAPTCHA Library dependency in various dependency management scenarios:
To manually add BotDetect Captcha library to classpath, copy the following three jar files from BotDetect Java download package to application's WEB-INF/lib folder:
botdetect-4.0.beta3.5.jarbotdetect-servlet-4.0.beta3.5.jarbotdetect-jsp20-4.0.4.0.beta3.5.jar
To share BotDetect Captcha among multiple applications, these BotDetect jar files above should be copied into 'lib' directory of web container or application server's domain.
The free version of BotDetect Java Captcha is available as a maven artifact:
1) Add BotDetect public maven repository (NetBeans 8):
Windows -> Services -> Maven Repositories -> Add Repository:
https://git.captcha.com/maven.git/blob_plain/HEAD:/
2) In pom.xml file, dependency should be added:
<dependency>
<groupId>com.captcha</groupId>
<artifactId>botdetect-jsp20</artifactId>
<version>4.0.beta3.5</version>
</dependency>
[...]
<repository>
<id>captcha</id>
<name>BotDetect Captcha Repository</name>
<url>https://git.captcha.com/maven.git/blob_plain/HEAD:/</url>
</repository>
BotDetect Java Captcha library's Maven artifact can be added as a Gradle dependency:
1) Add BotDetect public Maven repository to build.gradle file:
repositories {
maven {
url "https://git.captcha.com/maven.git/blob_plain/HEAD:/"
}
...
}
2) Since BotDetect Java Captcha Maven artifact is not available on "mavenCentral", to use it as an external dependency, BotDetect Java Captcha repository must be defined:
dependencies {
...
compile 'com.captcha:botdetect-jsp20:4.0.beta3.5'
...
}
The highlighted code defines dependency:
Group ID: com.captcha
Artifact ID: botdetect-jsp20
Version: 4.0.beta3.5
The BotDetect Java Captcha Library (available in our git.captcha.com repository) can be added into an Ant project using Ivy.
ivy-settings.xml -- Ivy configuration file
Ivy needs repository information configured (in ivy-setting.xml file) in order to download BotDetect Java Captcha Maven artifact:
<ivysettings>
<properties file="build.properties" />
<settings defaultResolver="default-chain"/>
<resolvers>
<chain name="default-chain">
<ibiblio name="botdetect" root="https://git.captcha.com/maven.git/blob_plain/HEAD:" m2compatible="true"/>
...
</chain>
</resolvers>
</ivysettings>
ivy.xml -- file containing dependency descriptions
To complete BotDetect Java Captcha installation, we need to define dependency in ivy.xml file:
<ivy-module version="2.0">
<info organisation="org.apache" module="WebProject" />
<!-- Classpath management, thanks Maven -->
<configurations>
<conf name="compile" description="compile dependencies"/>
<conf name="runtime" description="runtime dependencies" extends="compile"/>
<conf name="test" description="test dependencies" extends="runtime"/>
</configurations>
<dependencies>
<dependency org="com.captcha" name="botdetect-jsp20" rev="4.0.beta3.5" conf="compile->default"/>
...
</dependencies>
</ivy-module>
Finally, we add target to your project's build.xml in order to get Dependencies.
<target name="resolve" description="retrieve dependencies with ivy">
<echo message="Getting dependencies..." />
<ivy:retrieve />
<ivy:cachepath pathid="compile.path" conf="compile" />
<ivy:cachepath pathid="runtime.path" conf="runtime" />
<ivy:cachepath pathid="test.path" conf="test" />
</target>
ivy: retrieve retrieves all the dependencies of the last resolve call to a lib directory.
Add target to application's Buildfile to get the BotDetect Java Captcha Library jar from git.captcha.com repository:
<!-- Download dependence -->
<target name="get-deps" description="retrieve dependencies manually">
<echo message="Getting dependencies..." />
<mkdir dir="lib" />
<get src="https://git.captcha.com/maven.git/blob_plain/HEAD:/com/captcha/botdetect/4.0.beta3.5/botdetect-4.0.beta3.5.jar" dest="lib/botdetect-4.0.beta3.5.jar" usetimestamp="true" />
<get src="https://git.captcha.com/maven.git/blob_plain/HEAD:/com/captcha/botdetect-servlet/4.0.beta3.5/botdetect-servlet-4.0.beta3.5.jar" dest="lib/botdetect-servlet-4.0.beta3.5.jar" usetimestamp="true" />
<get src="https://git.captcha.com/maven.git/blob_plain/HEAD:/com/captcha/botdetect-jsp20/4.0.beta3.5/botdetect-jsp20-4.0.beta3.5.jar" dest="lib/botdetect-jsp20-4.0.beta3.5.jar" usetimestamp="true" />
...
</target>
BotDetect Java Captcha Api is now ready to be used in project.
Reference the target 'get-deps' from previous step in a compile target:
<target name="compile" depends="init, get-deps" description="compile source code">
<copydir src="${web.dir}" dest="${build.dir}" />
<mkdir dir="${web.classes.dir}" />
<javac destdir="${web.classes.dir}" source="${jdk.version}" target="${jdk.version}"
debug="true" includeantruntime="false" classpathref="compile.path">
<src path="${src.dir}" />
</javac>
</target>
[back to top]
Register CaptchaServlet
Update your application configuration (web.xml) file.
<servlet>
<servlet-name>BotDetect Captcha</servlet-name>
<servlet-class>com.captcha.botdetect.web.servlet.CaptchaServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>BotDetect Captcha</servlet-name>
<url-pattern>/botdetectcaptcha</url-pattern>
</servlet-mapping>
[back to top]
Display Captcha Protection on the JSP Form
We'll assume you already have a form which can be posted (<form method="post" ...), with other fields in place.
This approach is especially useful when <form> tag has no action attribute since Captcha object will already be instantiated for validation.
First, on the top of the JSP form source file add:
<%@page import="com.captcha.botdetect.web.servlet.Captcha"%>
To display the Captcha test on your form, you will need the following Html elements:
- A textbox for the Captcha code user input, with a label displaying Captcha instructions
- The Captcha markup including the image, sound and reload icons etc., which will be generated by the Captcha library
For example:
<label for="captchaCode" class="prompt">
Retype the characters from the picture:</label>
<%
// Adding BotDetect Captcha to the page
Captcha captcha = Captcha.load(request, "exampleCaptcha");
captcha.setUserInputID("captchaCode");
String captchaHtml = captcha.getHtml();
out.write(captchaHtml);
%>
<input id="captchaCode" type="text" name="captchaCode" />
The JSP scriptlet above creates a new instance of the Captcha class defined by the BotDetect Java Captcha library, tells it which textbox is used to input Captcha codes (default is captchaCode), and calls the getHtml() method to generate all needed BotDetect Html elements.
BotDetect custom captcha tag is designed to add CAPTCHA protection to JSP form as simple as possible.
At the top of the file put BotDetect taglib declaration:
<%@taglib prefix="botDetect" uri="https://captcha.com/java/jsp"%>
Boilerplate Html elements are the same as in previous example, but JSP scriptlet is replaced with custom tag:
<label for="captchaCode" class="prompt">
Retype the characters from the picture:</label>
<botDetect:captcha id="exampleCaptchaTag" userInputID="captchaCode"/>
<input id="captchaCode" type="text" name="captchaCode" />
[back]
When you open your form in a browser, the above declarations should render as:
If you are adding Captcha protection to multiple JSP forms in the same website, you should initialize each Captcha object with unique name (e.g. "registrationCaptcha", "commentCaptcha", ...).
[back to top]
Validate Captcha User Input During JSP Form Submission
Since we want to ensure only real human users can perform a certain action (e.g. account registration or comment submission), we also have to add Captcha validation code which will process form submissions, and only allow certain actions if Captcha validation succeeds.
Form Has No Action
In the simplest case (when the form posts to itself, i.e. the action attribute is not set), you will process form submissions on the form itself:
<%
if ("POST".equalsIgnoreCase(request.getMethod())) {
boolean isHuman = captcha.validate(request.getParameter("captchaCode"));
if (isHuman) {
// TODO: Captcha validation passed, perform protected action
} else {
// TODO: Captcha validation failed, show error message
}
}
%>
The above code is very simple:
- The
if ("POST".equalsIgnoreCase(request.getMethod())) {
line ensures the code only runs when the form is submitted.
- The
boolean isHuman = captcha.validate( request.getParameter("captchaCode")); line calls the validate(String userInput) method of the Captcha object, which returns true if the submitted Captcha code matches the one used for Captcha image generation, or false otherwise.
This approach is shown in the BotDetect basic JSP integration code example included in the BotDetect download package.
Separate Servlet Processing Action
If your form posts to a separate servlet, you can use the same Captcha validation code. You just have to create Captcha object instance with the same name as the one used on the form first:
Captcha captcha = Captcha.load(request, "exampleCaptcha");
// validate the Captcha to check we're not dealing with a bot
boolean isHuman = captcha.validate(request.getParameter("captchaCode"));
if (isHuman) {
// TODO: Captcha validation passed, perform protected action
} else {
// TODO: Captcha validation failed, show error message
}
RequestDispatcher dispatcher = getServletContext().getRequestDispatcher("/index.jsp");
dispatcher.forward(request, response);
In this trivial case response is redirected back to original form.
This approach is shown in the BotDetect JSP Captcha Tag integration code example included in the BotDetect download package.
Protecting your JSP forms with BotDetect Java Captcha requires a few steps, outlined on this page. Displaying the Captcha challenge can be as simple as:
<%
// Adding BotDetect Captcha to the page
SimpleCaptcha captcha = SimpleCaptcha.load(request, "exampleCaptcha");
String captchaHtml = captcha.getHtml();
out.write(captchaHtml);
%>
<input id="captchaCode" type="text" name="captchaCode" />
and checking user input when the form is submitted:
boolean isHuman = captcha.validate(request.getParameter("captchaCode"));
You can also see how BotDetect Captcha protection has been added to various kinds of JSP forms and projects by running the BotDetect Captcha JSP integration code examples coming with the BotDetect installation. You can also reuse the code example source code that fits your requirements.
CAPTCHA Integration Steps
To add BotDetect Captcha protection to a JSP application:
Add BotDetect Java CAPTCHA Library Dependency
Here is how to add BotDetect Java CAPTCHA Library dependency in various dependency management scenarios:
To manually add BotDetect Captcha library to classpath, copy the following jar files from BotDetect Java download package to application's WEB-INF/lib folder:
botdetect-4.0.beta3.5.jarbotdetect-servlet-4.0.beta3.5.jarbotdetect-jsp20-4.0.beta3.5.jarhsqldb.jar
To share BotDetect Captcha among multiple applications, these BotDetect jar files above should be copied into 'lib' directory of web container or application server's domain.
The free version of BotDetect Java Captcha is available as a maven artifact:
1) Add BotDetect public maven repository (NetBeans 8):
Windows -> Services -> Maven Repositories -> Add Repository:
https://git.captcha.com/maven.git/blob_plain/HEAD:/
2) In pom.xml file, dependency should be added:
<dependency>
<groupId>com.captcha</groupId>
<artifactId>botdetect-jsp20</artifactId>
<version>4.0.beta3.5</version>
</dependency>
[...]
<repository>
<id>captcha</id>
<name>BotDetect Captcha Repository</name>
<url>https://git.captcha.com/maven.git/blob_plain/HEAD:/</url>
</repository>
BotDetect Java Captcha library's Maven artifact can be added as a Gradle dependency:
1) Add BotDetect public Maven repository to build.gradle file:
repositories {
maven {
url "https://git.captcha.com/maven.git/blob_plain/HEAD:/"
}
...
}
2) Since BotDetect Java Captcha Maven artifact is not available on "mavenCentral", to use it as an external dependency, BotDetect Java Captcha repository must be defined:
dependencies {
...
compile 'com.captcha:botdetect-jsp20:4.0.beta3.5'
...
}
The highlighted code defines dependency:
Group ID: com.captcha
Artifact ID: botdetect-jsp20
Version: 4.0.beta3.5
The BotDetect Java Captcha Library (available in our git.captcha.com repository) can be added into an Ant project using Ivy.
ivy-settings.xml -- Ivy configuration file
Ivy needs repository information configured (in ivy-setting.xml file) in order to download BotDetect Java Captcha Maven artifact:
<ivysettings>
<properties file="build.properties" />
<settings defaultResolver="default-chain"/>
<resolvers>
<chain name="default-chain">
<ibiblio name="botdetect" root="https://git.captcha.com/maven.git/blob_plain/HEAD:" m2compatible="true"/>
...
</chain>
</resolvers>
</ivysettings>
ivy.xml -- file containing dependency descriptions
To complete BotDetect Java Captcha installation, we need to define dependency in ivy.xml file:
<ivy-module version="2.0">
<info organisation="org.apache" module="WebProject" />
<!-- Classpath management, thanks Maven -->
<configurations>
<conf name="compile" description="compile dependencies"/>
<conf name="runtime" description="runtime dependencies" extends="compile"/>
<conf name="test" description="test dependencies" extends="runtime"/>
</configurations>
<dependencies>
<dependency org="com.captcha" name="botdetect-jsp20" rev="4.0.beta3.5" conf="compile->default"/>
...
</dependencies>
</ivy-module>
Finally, we add target to your project's build.xml in order to get Dependencies.
<target name="resolve" description="retrieve dependencies with ivy">
<echo message="Getting dependencies..." />
<ivy:retrieve />
<ivy:cachepath pathid="compile.path" conf="compile" />
<ivy:cachepath pathid="runtime.path" conf="runtime" />
<ivy:cachepath pathid="test.path" conf="test" />
</target>
ivy: retrieve retrieves all the dependencies of the last resolve call to a lib directory.
Add target to application's Buildfile to get the BotDetect Java Captcha Library jar from git.captcha.com repository:
<!-- Download dependence -->
<target name="get-deps" description="retrieve dependencies manually">
<echo message="Getting dependencies..." />
<mkdir dir="lib" />
<get src="https://git.captcha.com/maven.git/blob_plain/HEAD:/com/captcha/botdetect/4.0.beta3.5/botdetect-4.0.beta3.5.jar" dest="lib/botdetect-4.0.beta3.5.jar" usetimestamp="true" />
<get src="https://git.captcha.com/maven.git/blob_plain/HEAD:/com/captcha/botdetect-servlet/4.0.beta3.5/botdetect-servlet-4.0.beta3.5.jar" dest="lib/botdetect-servlet-4.0.beta3.5.jar" usetimestamp="true" />
<get src="https://git.captcha.com/maven.git/blob_plain/HEAD:/com/captcha/botdetect-jsp20/4.0.beta3.5/botdetect-jsp20-4.0.beta3.5.jar" dest="lib/botdetect-jsp20-4.0.beta3.5.jar" usetimestamp="true" />
<get src="http://central.maven.org/maven2/org/hsqldb/hsqldb/2.3.4/hsqldb-2.3.4.jar" dest="lib/hsqldb-2.3.4.jar" usetimestamp="true" />
...
</target>
BotDetect Java Captcha Api is now ready to be used in project.
Reference the target 'get-deps' from previous step in a compile target:
<target name="compile" depends="init, get-deps" description="compile source code">
<copydir src="${web.dir}" dest="${build.dir}" />
<mkdir dir="${web.classes.dir}" />
<javac destdir="${web.classes.dir}" source="${jdk.version}" target="${jdk.version}"
debug="true" includeantruntime="false" classpathref="compile.path">
<src path="${src.dir}" />
</javac>
</target>
[back to top]
Register SimpleCaptchaServlet
Update your application configuration (web.xml) file.
<servlet>
<servlet-name>BotDetect Captcha</servlet-name>
<servlet-class>com.captcha.botdetect.web.servlet.SimpleCaptchaServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>BotDetect Captcha</servlet-name>
<url-pattern>/botdetectcaptcha</url-pattern>
</servlet-mapping>
[back to top]
Configure Captcha options
Configure captcha options in WEB-INF/botdetect.xml configuration file. You can find a full list of available Captcha configuration options and related instructions at the Captcha configuration options page.
<?xml version="1.0" encoding="UTF-8"?>
<botdetect xmlns="https://captcha.com/schema/java"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="https://captcha.com/schema/java
https://captcha.com/schema/java/botdetect-4.0.beta3.5.xsd">
<captchaStyles>
<captchaStyle>
<name>exampleCaptcha</name>
<userInputID>captchaCode</userInputID>
<codeLength>3-5</codeLength>
</captchaStyle>
</captchaStyles>
</botdetect>
[back to top]
Display Captcha Protection on the JSP Form
We'll assume you already have a form which can be posted (<form method="post" ...), with other fields in place.
This approach is especially useful when <form> tag has no action attribute since Captcha object will already be instantiated for validation.
First, on the top of the JSP form source file add:
<%@page import="com.captcha.botdetect.web.servlet.SimpleCaptcha"%>
To display the Captcha test on your form, you will need the following Html elements:
- A textbox for the Captcha code user input, with a label displaying Captcha instructions
- The Captcha markup including the image, sound and reload icons etc., which will be generated by the Captcha library
For example:
<label for="captchaCode" class="prompt">
Retype the characters from the picture:</label>
<%
// Adding BotDetect Captcha to the page
SimpleCaptcha captcha = SimpleCaptcha.load(request, "exampleCaptcha");
String captchaHtml = captcha.getHtml();
out.write(captchaHtml);
%>
<input id="captchaCode" type="text" name="captchaCode" />
The JSP scriptlet above creates a new instance of the SimpleCaptcha class defined by the BotDetect Java Captcha library and calls the getHtml() method to generate all needed BotDetect Html elements.
BotDetect custom captcha tag is designed to add CAPTCHA protection to JSP form as simple as possible.
At the top of the file put BotDetect taglib declaration:
<%@taglib prefix="botDetect" uri="https://captcha.com/java/jsp/simple-api"%>
Boilerplate Html elements are the same as in previous example, but JSP scriptlet is replaced with custom tag:
<label for="captchaCode" class="prompt">
Retype the characters from the picture:</label>
<botDetect:simpleCaptcha id="exampleCaptchaTag" />
<input id="captchaCode" type="text" name="captchaCode" />
[back]
When you open your form in a browser, the above declarations should render as:
If you are adding Captcha protection to multiple JSP forms in the same website, you should initialize each SimpleCaptcha object with unique name (e.g. "registrationCaptcha", "commentCaptcha", ...).
[back to top]
Validate Captcha User Input During JSP Form Submission
Since we want to ensure only real human users can perform a certain action (e.g. account registration or comment submission), we also have to add Captcha validation code which will process form submissions, and only allow certain actions if Captcha validation succeeds.
Form Has No Action
In the simplest case (when the form posts to itself, i.e. the action attribute is not set), you will process form submissions on the form itself:
<%
if ("POST".equalsIgnoreCase(request.getMethod())) {
boolean isHuman = captcha.validate(request.getParameter("captchaCode"));
if (isHuman) {
// TODO: Captcha validation passed, perform protected action
} else {
// TODO: Captcha validation failed, show error message
}
}
%>
The above code is very simple:
- The
if ("POST".equalsIgnoreCase(request.getMethod())) {
line ensures the code only runs when the form is submitted.
- The
boolean isHuman = captcha.validate( request.getParameter("captchaCode")); line calls the validate(String userInput) method of the Captcha object, which returns true if the submitted Captcha code matches the one used for Captcha image generation, or false otherwise.
This approach is shown in the BotDetect basic JSP integration code example included in the BotDetect download package.
Separate Servlet Processing Action
If your form posts to a separate servlet, you can use the same Captcha validation code. You just have to create SimpleCaptcha object instance with the same captcha style name as the one used on the form first:
SimpleCaptcha captcha = SimpleCaptcha.load(request, "exampleCaptcha");
// validate the Captcha to check we're not dealing with a bot
boolean isHuman = captcha.validate(request.getParameter("captchaCode"));
if (isHuman) {
// TODO: Captcha validation passed, perform protected action
} else {
// TODO: Captcha validation failed, show error message
}
RequestDispatcher dispatcher = getServletContext().getRequestDispatcher("/index.jsp");
dispatcher.forward(request, response);
In this trivial case response is redirected back to original form.
This approach is shown in the BotDetect JSP Captcha Tag integration code example included in the BotDetect download package.
