Sunday, March 28, 2010

JCaptcha implementation in a J2EE web application, step by step

How to create a security certificate (SSL) in Apache Tomcat server?

IE 8 mixed content issue

CAPTCHA - JCaptcha a bad option?

JCaptcha problems

Warning - In a UNIX environment JCaptcha needs an X11 server running. But in my case, in spite of this server, graphic image generation was not possible, so I opted for reCAPTCHA.

  • Main troubles
    1. JVM memory issues, as a graphic image is created for every new user.
    2. Needs an X11 server running in UNIX, which could be a security issue in a server environment.
    3. To date no audio CAPTCHA is available. It uses JPEG encoding classes which may become copyright of Oracle in future.
  • Advantages
    1. No dependency on a third party.
    2. Validation of the CAPTCHA is done on our server.
  • reCAPTCHA buzz points
    1. It's Free! Yep, reCAPTCHA is free.
    2. It's Accessible. reCAPTCHA has an audio test that allows blind people to freely navigate your site.
    3. It's Secure. Most other CAPTCHA implementations can be easily broken.
    4. It's Popular. Over 100,000 sites use reCAPTCHA, including household names like Facebook, Ticketmaster, and Craigslist.
    5. It's Easy. reCAPTCHA is a Web service. As such, adopting it is as simple as adding a few lines of code on your site. Also available for the J2EE environment. Also available for HTTPS secure connections.
    6. No UNIX problems such as memory or the X11 server, as the graphic is not generated on our server.
    7. Customization is available to some extent.


  • Main trouble!
    1. Dependency on the reCAPTCHA server.
    2. If their server is down, login and registration functionality will be down.
    3. For CAPTCHA verification a third-party server call is made, which depends on the security settings (firewall settings etc.) of the deployed environment.
  • Step by Step Implementation (in JavaServer Faces)
  • I. In XHTML

<script type="text/javascript"
        src="http://api.recaptcha.net/challenge?k=your_public_key">
</script>
<noscript>
  <iframe src="http://api.recaptcha.net/noscript?k=your_public_key"
          height="300" width="500" frameborder="0"></iframe><br />
</noscript>




  • II. In backingBean.java

import javax.faces.context.FacesContext;
import javax.servlet.http.HttpServletRequest;

Boolean checkData() {
    boolean flag = true; // validation result; declared here so the snippet is complete
    // Other code
    FacesContext facesContext = FacesContext.getCurrentInstance();
    HttpServletRequest request = (HttpServletRequest) facesContext
            .getExternalContext().getRequest();
    // Fields posted by the reCAPTCHA widget, plus the client address
    String challenge = request.getParameter("recaptcha_challenge_field");
    String response = request.getParameter("recaptcha_response_field");
    String remoteAddr = request.getRemoteAddr();
    // Variable renamed so it no longer hides the class name
    RECAPTCHASingleton recaptcha = RECAPTCHASingleton.getInstance();
    boolean isResponseCorrect = recaptcha.validate(challenge, response, remoteAddr);
    if (!isResponseCorrect) {
        flag = false;
    }
    // Other code
    return flag;
}





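  • III. New singleton class

import net.tanesha.recaptcha.ReCaptchaImpl;
import net.tanesha.recaptcha.ReCaptchaResponse;

public class RECAPTCHASingleton {
    // Singleton design pattern: one shared instance behind a private constructor
    private static final RECAPTCHASingleton INSTANCE = new RECAPTCHASingleton();

    private RECAPTCHASingleton() {
    }

    public static RECAPTCHASingleton getInstance() {
        return INSTANCE;
    }

    public synchronized boolean validate(String challenge, String response, String remoteAddr) {
        ReCaptchaImpl reCaptcha = new ReCaptchaImpl();
        // Placeholder: replace with the private key issued for your site
        reCaptcha.setPrivateKey("your_private_key");
        // The answer is checked by a call to the reCAPTCHA server
        ReCaptchaResponse reCaptchaResponse = reCaptcha.checkAnswer(remoteAddr, challenge, response);
        return reCaptchaResponse.isValid();
    }
}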

  • External dependencies
    1. recaptcha4j-0.0.7.jar
    2. reCAPTCHA server availability.

---------- NILESH SALPE
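
The "main trouble" above (login and registration depend on a third-party verification call) is easier to live with when the backing bean can tell a wrong answer from an unreachable server and still refuses the request in both cases. The following is an added example, not code from the original post: `CaptchaGate`, `Outcome` and `Verifier` are hypothetical names, `Verifier` stands in for the `RECAPTCHASingleton.validate` call, and it assumes that a failed call to the reCAPTCHA server surfaces as a runtime exception.

```java
public class CaptchaGate {
    /** Outcomes are kept apart so an outage is never reported to the user as a wrong answer. */
    public enum Outcome { PASSED, WRONG_ANSWER, MISSING_FIELDS, SERVICE_UNAVAILABLE }

    /** Hypothetical stand-in for RECAPTCHASingleton.validate(challenge, response, remoteAddr). */
    public interface Verifier {
        boolean validate(String challenge, String response, String remoteAddr);
    }

    private final Verifier verifier;

    public CaptchaGate(Verifier verifier) {
        this.verifier = verifier;
    }

    public Outcome check(String challenge, String response, String remoteAddr) {
        // A request without the reCAPTCHA fields is rejected before any remote call is made.
        if (isBlank(challenge) || isBlank(response)) {
            return Outcome.MISSING_FIELDS;
        }
        try {
            return verifier.validate(challenge, response, remoteAddr)
                    ? Outcome.PASSED : Outcome.WRONG_ANSWER;
        } catch (RuntimeException e) {
            // Assumption: an unreachable server (outage, firewall) surfaces as a runtime exception.
            // Fail closed: an outage must not become a way around the CAPTCHA.
            return Outcome.SERVICE_UNAVAILABLE;
        }
    }

    /** Login or registration proceeds only on PASSED. */
    public static boolean allows(Outcome outcome) {
        return outcome == Outcome.PASSED;
    }

    private static boolean isBlank(String s) {
        return s == null || s.trim().isEmpty();
    }

    public static void main(String[] args) {
        // Constructed verifiers: one accepts the answer "ok", the other simulates an outage.
        CaptchaGate up = new CaptchaGate((c, r, ip) -> "ok".equals(r));
        CaptchaGate down = new CaptchaGate((c, r, ip) -> {
            throw new IllegalStateException("verification server unreachable");
        });
        System.out.println(up.check("ch-1", "ok", "192.0.2.10"));
        System.out.println(up.check("ch-1", "nope", "192.0.2.10"));
        System.out.println(up.check(null, "ok", "192.0.2.10"));
        System.out.println(allows(down.check("ch-1", "ok", "192.0.2.10")));
    }
}
```

In the backing bean, `SERVICE_UNAVAILABLE` can be mapped to a "try again later" message and logged for operations, while `flag` stays `false` for every outcome other than `PASSED`.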