Recommendations for java captcha libraries [closed]

Question

I'm looking for a replacement for JCaptcha, which doesn't seem to be maintained any more, and isn't very good to begin with. The replacement has to integrate nicely with JavaEE webapps.

As I can see it, there are three options:

• JCaptcha - No longer maintained, crude API
• SimpleCaptcha - much nicer API, nicer captchas, but seems to be Java6 only
• ReCaptcha - easy to use, uses remote web-service to generate captchas, but not much control over look and feel

Has anyone used any others, that they'd recommend?

Answer 1

ReCaptcha is the only captcha you should use, because it's the only captcha that makes the world better (improve OCR results to old text), with almost unlimited database.

All other captchas are usually limited by its database, or do nothing good to this world.

EDIT :: I found steps how to implement captcha using recaptcha.

You can check both Online and Offline captcha using java here

Answer 2

I am the author of SimpleCaptcha. While I would recommend -- for humanity's sake -- using ReCaptcha where you can, I provided SimpleCaptcha because some organizations have policies which prohibit libraries like ReCaptcha. SimpleCaptcha is meant to be entirely stand-alone, with no external dependencies: as long as you are in a J2EE container, you should be good.

Also, SimpleCaptcha is now available for either Java 1.5 or Java 6.

Answer 3

What happens when ReCaptcha is down/unavailable? Does your service simply stop? Do you simply stop signing people up when it's down? Do you allow users to sign up even if ReCaptcha isn't running? If so, what are the security implications of this? Especially if you use CAPTCHA for more than just signup, e.g. reset password forms, login forms, ... which would not be acceptable to use without the CAPTCHA component.

The Java world of CAPTCHAs is in a sad state, with SimpleCaptcha seemingly the best solution for those of us out there that cannot accept a hosted service.

Answer 4

I created http://kaptcha.googlecode.com before recaptcha became as popular as it is today. It also offers you the ability to host it yourself, which may be necessary in some situations.

Kaptcha is a heavily modified and updated version of SimpleCaptcha and supports JDK5/6.

Answer 5

SimpleCaptcha is really nice and easy to use.

Here's an example how to use SimpleCaptcha with JSF 2.0 (the homepage has an example for JSP)

Note that I'm not even bothering to store the captcha value in the bean, I'm only validating it.

The bean:

// imports missing here

@ManagedBean
@SessionScoped
public class LoginBean implements Serializable
{
    public void validateCaptcha(FacesContext context,
            UIComponent componentToValidate,
            Object value)
            throws ValidatorException
    {
        HttpSession session = (HttpSession) context.getExternalContext().getSession(false);
        Captcha secretcaptcha = (Captcha) session.getAttribute(Captcha.NAME);
        if (secretcaptcha.isCorrect(value.toString()))
            return;

        // optional: clear field
        ((HtmlInputText) componentToValidate).setSubmittedValue("");

        throw new ValidatorException(new FacesMessage("Captcha does not match"));
    }
}

The relevant segment of the facelet:

        <h:form id="CaptchaForm">
            Type this: <br/>
            <h:graphicImage id="CaptchaImgID" value="/simpleCaptcha.png"/> <br/>
            <h:inputText id="CaptchaID"
                         required="true"
                         requiredMessage="Captcha missing"
                         validator="#{loginBean.validateCaptcha}"
                         validatorMessage="Captcha does not match"
                         immediate="true">
            </h:inputText>
            <br/>
            <h:commandButton value="Check"/>

            <p/>
            <!-- message for the input field -->
            <h:message id="CaptchaMsgID" for="CaptchaID" style="color:red" />
        </h:form>

The relevant segment of the web.xml:

<servlet>
    <servlet-name>SimpleCaptcha</servlet-name>
    <servlet-class>nl.captcha.servlet.SimpleCaptchaServlet</servlet-class>
<init-param>
    <param-name>captcha-width</param-name>
    <param-value>250</param-value>
</init-param>
<init-param>
    <param-name>captcha-height</param-name>
    <param-value>75</param-value>
</init-param>
</servlet>
<servlet-mapping>
    <servlet-name>SimpleCaptcha</servlet-name>
    <url-pattern>/simpleCaptcha.png</url-pattern>
</servlet-mapping>

Enjoy :-)

Answer 6

Kaptcha is a nice alternative to Recaptcha if you are looking to host your own captcha service instead of relying on a third party captcha service (like recaptcha).

Answer 7

I was able to get source (one by one from browser, not GIT :-( )and build with 1.5. I had a problem with the JDK 1.5 version throwing up the bad class version error ( the one that comes up when compiled with older java version is messed up) which was resolved when I copied the jar I built myself and it works like a charm. I would strongly advise anyone to use this. I tried jcaptcha and I must say it sucks.. the visitors to the web shouldnt have to struggle to verify the code in the image, that defeats the purpose....