Introduction
reCAPTCHA is a free CAPTCHA service that helps to digitize books, newspapers and old time radio shows.
A CAPTCHA is a program that can tell whether its user is a human or a computer. You've probably seen them - colorful images with distorted text at the bottom of Web registration forms. CAPTCHAs are used by many websites to prevent abuse from "bots," or automated programs usually written to generate spam. No computer program can read distorted text as well as humans can, so bots cannot navigate sites protected by CAPTCHAs.
reCAPTCHA is a free CAPTCHA service that protects your site against spam, malicious registrations and other forms of attack in which computers try to pass themselves off as humans; a CAPTCHA is a Completely Automated Public Turing test to tell Computers and Humans Apart. reCAPTCHA comes in the form of a widget that you can easily add to your blog, forum, registration form, etc.
http://www.google.com/recaptcha/learnmore
API Keys
To use reCAPTCHA, you need to sign up for API keys for your site. Unless you select the "global key" option, the keys are unique to your domain and sub-domains. (By default, all keys work on "localhost" (or "127.0.0.1"), so you can always develop and test on your local machine.)
https://developers.google.com/recaptcha/?csw=1
Integration
Once you've signed up for API keys, adding reCAPTCHA to your site consists of two steps and optionally a third step where you customize the widget:
In most Web forms, you usually have two files: the form itself with the fields, and the file with the script/servlet/servlet-filter to process the inputs to the form. These two files correspond to steps 1 and 2 above. Therefore, in most cases you will have to modify two different files.
For step 3 above, please refer to the reCAPTCHA website.
https://developers.google.com/recaptcha/intro
Follow the steps below to enable CAPTCHA on the existing name/password login page without modifying the NAM IDP (nidp) code.
Text to be replaced:
<tr>
<td align=right colspan=2 style="white-space: nowrap">
<input alt="<%=handler.getResource(JSPResDesc.LOGIN)%>" border="0" name="loginButton2" src="<%= handler.getImage("btnlogin.gif",true)%>" type="image" value="Login" onClick="return imageSubmit()">
</td>
</tr>
</table>
</td>
</tr>
<%
String err = (String) request.getAttribute(NIDPConstants.ATTR_LOGIN_ERROR);
if (err != null)
{
%>
<td style="padding: 10px">
<div class="instructions"><%=err%></div>
</td>
</tr>
<% } %>
Replace with:
<%@ page import="net.tanesha.recaptcha.ReCaptcha, net.tanesha.recaptcha.ReCaptchaFactory, net.tanesha.recaptcha.ReCaptchaImpl" %>
<%
    String err = (String) request.getAttribute(NIDPConstants.ATTR_LOGIN_ERROR);
    int failCount = 0;
    HttpSession s = request.getSession();
    // The failure counter is kept in the session as a string
    if (s.getAttribute("loginFailCount") != null)
        failCount = Integer.parseInt((String) s.getAttribute("loginFailCount"));
    if (err != null || failCount > 0)
    {
        failCount++;
        s.setAttribute("loginFailCount", "" + failCount);
    }
    // Increase this number to required number of login failures to show captcha
    if (failCount > 2)
    {
        try {
            // Remember the login URL in the session
            s.setAttribute("loginURL", request.getRequestURL() + "?" + request.getQueryString());
        } catch (Exception e) {}
        request.setAttribute("capatchaEnabled", "true");
        // replace <public key> and <private key> with recaptcha public and private key
        ReCaptcha c = ReCaptchaFactory.newSecureReCaptcha("<public key>", "<private key>", false);
        ((ReCaptchaImpl) c).setRecaptchaServer("https://www.google.com/recaptcha/api");
        // Writes captcha widget
        out.print(c.createRecaptchaHtml(null, null));
    }
%>
<tr>
<td align=right colspan=2 style="white-space: nowrap">
<input alt="<%=handler.getResource(JSPResDesc.LOGIN)%>" border="0" name="loginButton2" src="<%= handler.getImage("btnlogin.gif",true)%>" type="image" value="Login" onClick="return imageSubmit()">
</td>
</tr>
</table>
</td> </tr>
<tr>
<%
if (err != null)
{
%>
<td style="padding: 10px" align=center>
<div class="instructions"><%=err%></div>
</td>
</tr>
<% } %>
Copy the following
<filter>
<filter-name>recaptchaFilter</filter-name>
<filter-class>
com.netiq.recaptcha.RecaptchaFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>recaptchaFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
Just above the:
<filter-mapping>
<filter-name>nidpJspFilter</filter-name>
<url-pattern>/jsp/*</url-pattern>
</filter-mapping>
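The filter registered above is not listed on this page. The following is an added example, not NetIQ's com.netiq.recaptcha.RecaptchaFilter, of the server-side check (step 2) that has to accompany the widget: it reads the loginFailCount and loginURL session attributes set by the JSP above and verifies the answer with the same recaptcha4j classes. The class name CaptchaCheckFilter, the recaptchaPrivateKey init-param, the javax.servlet API, and the filter seeing the login POST before the password is checked are all assumptions.

```java
// Added example: hypothetical filter, not the product's own code.
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;
import net.tanesha.recaptcha.ReCaptchaImpl;
import net.tanesha.recaptcha.ReCaptchaResponse;

public class CaptchaCheckFilter implements Filter {
    private static final int THRESHOLD = 2; // same limit as "failCount > 2" in the JSP
    private String privateKey;

    @Override
    public void init(FilterConfig cfg) {
        // Assumed init-param; keeps the private key out of the JSP source.
        privateKey = cfg.getInitParameter("recaptchaPrivateKey");
    }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession s = req.getSession(false);
        String count = (s == null) ? null : (String) s.getAttribute("loginFailCount");
        boolean captchaShown = count != null && Integer.parseInt(count) > THRESHOLD;

        if (captchaShown && "POST".equalsIgnoreCase(req.getMethod())) {
            // Field names posted by the widget that createRecaptchaHtml() writes.
            String challenge = req.getParameter("recaptcha_challenge_field");
            String answer = req.getParameter("recaptcha_response_field");
            boolean ok = false;
            if (challenge != null && answer != null && !answer.isEmpty()) {
                ReCaptchaImpl rc = new ReCaptchaImpl();
                rc.setPrivateKey(privateKey);
                ReCaptchaResponse r = rc.checkAnswer(req.getRemoteAddr(), challenge, answer);
                ok = r.isValid();
            }
            if (!ok) {
                // Fail closed: a missing or wrong answer never reaches the login handler.
                String back = (String) s.getAttribute("loginURL");
                res.sendRedirect(back != null ? back : req.getContextPath() + "/");
                return;
            }
        }
        chain.doFilter(rq, rs);
    }

    @Override
    public void destroy() { }
}
```

Because the counter lives in the HttpSession, it only covers clients that keep their session cookie, so failed logins should also be tracked per account or per source address on the server. recaptcha4j speaks the original reCAPTCHA v1 API, which Google has since retired, so a current deployment needs a verifier for the current reCAPTCHA API in place of the checkAnswer call.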
References: