2

Can I use recaptcha with apache wicket 1.5.3? Is there some good example?

Dominic Zukiewicz
  • 8,258
  • 8
  • 43
  • 61

3 Answers3

3

In terms of Google reCAPTCHA v2, you can just follow its instruction, which is straightforward.

First of all, go to Google reCAPTCHA, and register your application there. Then you can work on the client and server sides respectively as below:

On the client side (see ref)

First, paste the snippet below <script...></script> before the closing tag on your HTML template, for example:

    <script src='https://www.google.com/recaptcha/api.js'></script>
</head>

Then paste the snippet below <div...></div> at the end of the where you want the reCAPTCHA widget to appear, for example:

    <div class="g-recaptcha" data-sitekey="{your public site key given by Google reCAPTCHA}"></div>
</form>

That's all on the client side.

On the server side (see ref)

When a user submits the form, you need to get the user response token from the g-recaptcha-response POST parameter. Then use the token, together with the secret key given by Google reCAPTCHA, and optional with the user's IP address, and then POST a request to the Google reCAPTCHA API. You'll then get the response from Google reCAPTHA, indicating whether the form verification succeeds or fails.

Below is the sample code on the server side.

  • User summits a Wicket form (Wicket 6 in this example):
protected void onSubmit() {
    HttpServletRequest httpServletRequest = (HttpServletRequest)getRequest().getContainerRequest();
    boolean isValidRecaptcha = ReCaptchaV2.getInstance().verify(httpServletRequest);
    if(!isValidRecaptcha){
        verificationFailedFeedbackPanel.setVisible(true);
        return;
    }

    // reCAPTCHA verification succeeded, carry on handling form submission
    ...
}

ReCaptchaV2.java (Just Java, web framework independent)

import javax.servlet.http.HttpServletRequest;    
import org.apache.log4j.Logger;
import org.codehaus.jackson.map.ObjectMapper;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestTemplate;


public class ReCaptchaV2 {

    private final static Logger logger = Logger.getLogger(ReCaptchaV2.class);

    private final static String VERIFICATION_URL = "https://www.google.com/recaptcha/api/siteverify";
    private final static String SECRET = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";

    private static ReCaptchaV2 instance = new ReCaptchaV2();

    private ReCaptchaV2() {}

    public static ReCaptchaV2 getInstance() {
        return instance;
    }

    private boolean verify(String recaptchaUserResponse, String remoteip) {
        boolean ret = false;
        if (recaptchaUserResponse == null) {
            return ret;
        }

        RestTemplate rt = new RestTemplate();

        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);

        MultiValueMap<String, String> map= new LinkedMultiValueMap<String, String>();
        map.add("secret", SECRET);
        map.add("response", recaptchaUserResponse);
        if (remoteip != null) {
            map.add("remoteip", remoteip);
        }
        HttpEntity<MultiValueMap<String, String>> httpEntity = new HttpEntity<MultiValueMap<String, String>>(map, headers);

        ResponseEntity<String> res = null;
        try {
            res = rt.exchange(VERIFICATION_URL, HttpMethod.POST, httpEntity, String.class);
        } catch (Exception e) {
            logger.error("Exception: " + e.getMessage());
        }

        if (res == null || res.getBody() == null) {
            return ret;
        }

        Response response = null;
        try {
            response = new ObjectMapper().readValue(res.getBody(), Response.class);
        } catch (Exception e) {
            logger.error("Exception: " + e.getMessage());
        }

        if (response != null && response.isSuccess()) {
            ret = true;
        }

        logger.info("Verification result: " + ret);
        return ret;
    }

    public boolean verify(HttpServletRequest httpServletRequest) {
        boolean ret = false;
        if (httpServletRequest == null) {
            return ret;
        }

        String recaptchaUserResponse = httpServletRequest.getParameter("g-recaptcha-response");
        String remoteAddr = httpServletRequest.getRemoteAddr();
        return verify(recaptchaUserResponse, remoteAddr);
    }
}

Response.java (Java POJO)

public class Response {
    private String challenge_ts;
    private String hostname;
    private boolean success;

    public Response() {}

    public String getChallenge_ts() {
        return challenge_ts;
    }

    public void setChallenge_ts(String challenge_ts) {
        this.challenge_ts = challenge_ts;
    }

    public String getHostname() {
        return hostname;
    }

    public void setHostname(String hostname) {
        this.hostname = hostname;
    }

    public boolean isSuccess() {
        return success;
    }

    public void setSuccess(boolean success) {
        this.success = success;
    }

    @Override
    public String toString() {
        return "ClassPojo [challenge_ts = " + challenge_ts + ", hostname = " + hostname + ", success = " + success + "]";
    }
}
Yuci
  • 27,235
  • 10
  • 114
  • 113
  • Looks good but does anyone know of a reCAPTCHA v2 Wicket solution that does not have any dependencies on a resource zapping framework like Spring? – Volksman Jan 24 '20 at 17:22
  • Instead of having to override an existing Wicket form's onSubmit method would I wonder if the solution would be more reusable if it provided a new component that extended FormComponent (and overrode validate method) which could just be added to an existing form fairly easily. – Volksman Jan 24 '20 at 17:26
1

Have you read this?

I have added the guide here in case page disappears.

Usage

We will create a panel called RecaptchaPanel. In order to use this component to your application all you'll have to do is this:

add(new RecaptchaPanel("recaptcha"));

and of course, add the component in your markup:

<div wicket:id="recaptcha"></div>

Implementation

Implementation is simple. All you have to do, is to follow several steps:

Add recaptcha dependency to your project

<dependency>
 <groupid>net.tanesha.recaptcha4j</groupid>
 <artifactid>recaptcha4j</artifactid>
 <version>0.0.7</version>
</dependency>

This library hides the implementation details and expose an API for dealing with recaptcha service.

Create associated markup (RecaptchaPanel.html)

<wicket:panel><div wicket:id="captcha"></div></wicket:panel>

Create RecaptchaPanel.java

import net.tanesha.recaptcha.ReCaptcha;
import net.tanesha.recaptcha.ReCaptchaFactory;
import net.tanesha.recaptcha.ReCaptchaImpl;
import net.tanesha.recaptcha.ReCaptchaResponse;

/**
 * Displays recaptcha widget. It is configured using a pair of public/private keys which can be registered at the
 * following location:
 * 
* https://www.google.com/recaptcha/admin/create
 * <br>
 * More details about recaptcha API: http://code.google.com/apis/recaptcha/intro.html
 *
 * @author Alex Objelean
 */
@SuppressWarnings("serial")
public class RecaptchaPanel extends Panel {
  private static final Logger LOG = LoggerFactory.getLogger(RecaptchaPanel.class);
  @SpringBean
  private ServiceProvider serviceProvider;


  public RecaptchaPanel(final String id) {
    super(id);
    final ReCaptcha recaptcha = ReCaptchaFactory.newReCaptcha(serviceProvider.getSettings().getRecaptchaPublicKey(),
      serviceProvider.getSettings().getRecaptchaPrivateKey(), false);
    add(new FormComponent<void>("captcha") {
      @Override
      protected void onComponentTagBody(final MarkupStream markupStream, final ComponentTag openTag) {
        replaceComponentTagBody(markupStream, openTag, recaptcha.createRecaptchaHtml(null, null));
      }

      @Override
      public void validate() {
        final WebRequest request = (WebRequest)RequestCycle.get().getRequest();

        final String remoteAddr = request.getHttpServletRequest().getRemoteAddr();
        final ReCaptchaImpl reCaptcha = new ReCaptchaImpl();
        reCaptcha.setPrivateKey(serviceProvider.getSettings().getRecaptchaPrivateKey());

        final String challenge = request.getParameter("recaptcha_challenge_field");
        final String uresponse = request.getParameter("recaptcha_response_field");
        final ReCaptchaResponse reCaptchaResponse = reCaptcha.checkAnswer(remoteAddr, challenge, uresponse);

        if (!reCaptchaResponse.isValid()) {
          LOG.debug("wrong captcha");
          error("Invalid captcha!");
        }
      }
    });
  }
}
</void>

Things to notice:

  • ServiceProvider - is a spring bean containing reCaptcha configurations (public key and private key). These keys are different depending on the domain where your application is deployed (by default works for any key when using localhost domain). You can generate keys here: https://www.google.com/recaptcha/admin/create
  • The RecaptchaPanel contains a FormComponent, which allows implementing validate method, containing the validation logic.
  • Because reCaptcha use hardcoded values for hidden fields, this component cannot have multiple independent instances on the same page.
papkass
  • 1,261
  • 2
  • 14
  • 20
0

Maybe the xaloon wicket components can be a solution for you. They have a Recaptcha plugin.

LinuxLuigi
  • 693
  • 6
  • 14