BotDetect Java CAPTCHA Generator

BotDetect CAPTCHA works in China -- and it does not stalk you around! Read more...

CAPTCHA Generator Features:


BotDetect Java Captcha generator allows you to easily add Captcha protection to various types of Java based web forms.

We'll use default BotDetect settings in all code snippets.

To see how powerful and customizable BotDetect is, check the BotDetect features demo.

1. Show a Captcha Challenge on the JSF Form

BotDetect Java Captcha provides a dedicated JavaServer Faces tag 'simpleJsfCaptcha'.

'simpleJsfCaptcha' integration steps depend on whether you use standard JSF (.jsp) or Facelets (.xhtml) view handler(s).

Standard JSF

  • declare taglib at the begining of the .jsp file:
  • <%@taglib prefix="botDetect" uri=""%>
  • add (optionaly) attribute prependId="false" to <h:form> opening tag
  • within the <form> insert:
  • <h:outputLabel for="captchaCode" 
      value="Retype the characters from the picture:"/>
    <botDetect:simpleJsfCaptcha id="exampleCaptcha" 
    <h:inputText id="captchaCode" value="#{captchaExampleBean.captchaCode}"/>

When you open your form in a browser, the markup given above should render similar as:

BotDetect CAPTCHA added to an JSP page

In order to later perform CAPTCHA validation simpleJsfCaptcha tag must be bound with the corresponding property of the backing bean. This backing bean property should be of the SimpleJsfCaptcha type, and include both getter and setter access:

import botdetect.web.jsf.SimpleJsfCaptcha;

private SimpleJsfCaptcha captcha;

public SimpleJsfCaptcha getCaptcha() {
   return captcha;

public void setCaptcha(SimpleJsfCaptcha captcha) {
   this.captcha = captcha;

2. Validate User's Captcha Input During Form Submission

On form submit, the Captcha validation result must be checked:

boolean isHuman = captcha.validate(captchaCode);
if (isHuman) {
  correctLabelVisible = true;
  incorrectLabelVisible = false;
} else {
  correctLabelVisible = false;
  incorrectLabelVisible = true;

3. Add BotDetect Java CAPTCHA Library Dependency

Here is how to add BotDetect Java CAPTCHA Library dependency in various dependency management scenarios:

To manually add BotDetect Captcha library to classpath, copy the following jar files from BotDetect Java download package to application's WEB-INF/lib folder:

  • botdetect-4.0.beta3.5.jar
  • botdetect-servlet-4.0.beta3.5.jar
  • botdetect-jsp20-4.0.beta3.5.jar
  • botdetect-jsf20-4.0.beta3.5.jar
  • hsqldb.jar

In case your application uses JSF 1.2 you will need to copy the botdetect-jsf12-4.0.beta3.5.jar file instead of botdetect-jsf20-4.0.beta3.5.jar file.

The hsqldb.jar above is HyperSQL Database library, you can download it at its site.

To share BotDetect Captcha among multiple applications, these BotDetect jar files above should be copied into 'lib' directory of web container or application server's domain.

4. Register BotDetect Simple Captcha Servlet

Update your application configuration (web.xml) file.

  <servlet-name>BotDetect Captcha</servlet-name>
  <servlet-name>BotDetect Captcha</servlet-name>

5. Configure Captcha options

Configure captcha options in WEB-INF/botdetect.xml configuration file.

<?xml version="1.0" encoding="UTF-8"?>
<botdetect xmlns="" 



BotDetect Java CAPTCHA Free version

You can download BotDetect Java CAPTCHA library for free and use it immediately! Your forms can be protected from spam (and bots in general) in minutes.

Keep in mind that we offer basic email support for free to all BotDetect users. So if you need any assistance integrating BotDetect or have any questions or feedback, our Support department is at your disposal.

Once the BotDetect Captcha generator library has been integrated into your Java web application and you're satisfied with how it works, it's easy to upgrade your license if you need the extra features and options offered by commercial BotDetect versions.

BotDetect Java Captcha Free Download

BotDetect Java CAPTCHA System Requirements

OS Application Server Java Browser

Supported Operating Systems:

  • Linux
  • Windows

Supported servers:

  • Apache Tomcat 5+
  • JBoss/WildFly 4+
  • WebSphere 6+
  • WebLogic 9+
  • GlassFish 2+
  • Resin 3+
  • Jetty 5+

Java, Servlet, JSP, JSF, HSQLDB:

  • Java 5+
  • Java Servlet 2.3+
  • JavaServer Pages 2.0+
  • JavaServer Faces 1.2+
  • HyperSQL Database 2.3+

Officially Supported Browsers*:

  • Chrome 49+
  • Edge 20+
  • Firefox 52+
  • IE 8+
  • Opera 36+
  • Safari (OSX) 5+
  • Safari (iOS 6+)

Numerous other browsers are not officially supported but the captcha still works.

Read the notes below!


'Officially Supported Browsers' are those browsers for which we do the testing in order to ensure that both the image and audio captcha options are working properly.

Nonetheless, both the image and audio captcha options are working properly in the most of non-archaic ** browsers anyway -- officially-supported, or not -- while the image captcha option alone works in all of them!

If you find our 'Officially Supported Browsers' policy too-restrictive check Recaptcha the Stalker's one that says:

  • We support the two most recent major versions of the following:

    • desktop (Windows, Linux, Mac): Chrome, Firefox, Safari, IE

    • mobile: Chrome, Safari, Android native browser (4.0+)

We guess that after checking the Recaptcha's policy -- you will consider ours as the accommodative one :).


Archaic browsers?

At present, our 'Archaic Browsers' policy works this way:

  • Those last remaining few real humans still browsing around using the WinXP should update their browsers to the latest version that still works on the XP.

Or, in the less nice words:

  • If those last remaining few laggards cannot be bothered to update their browsers -- we cannot be bothered neither -- nor you should be!

  • Half of the Internet is broken for them since years ago anyway -- and they do not seem to care!

Please Note

BotDetect Java Captcha Library v4.0.Beta3.5 is an in-progress port of BotDetect 4 Captcha, and we need you to guide our efforts towards a polished product. Please let us know if you encounter any bugs, implementation issues, or a usage scenario you would like to discuss.