We can implement the captcha concept in any simple Java application, such as a servlet-based web application, an MVC application, Spring MVC etc. Here we will implement it in Spring Boot, as it is the most in-demand technology these days. Generally, we implement a captcha on the Login page or the Registration page to safeguard our application from hackers. In this article we will implement it on a user registration page in such a way that if a user doesn’t enter the captcha or enters a wrong captcha, registration will not succeed at all. Let’s talk a little more about it and then start working on ‘How to secure Spring Boot Application by Captcha Validation?’.
What Can You Expect from This Article on spring boot captcha example?
Once you have gone through this article, you will be able to answer:
1) How can a hacker access your application?
2) Why did we need Captcha?
3) What is Captcha?
4) What are the uses of Captcha?
5) What are the different types of Captcha?
6) How will you implement a Captcha validation in a Spring Boot application?
7) How to create a Registration form using Spring Boot MVC concept?
8) How to create an industry-standard Spring Boot MVC application using all layers?
9) How to apply bootstrap design in a form creation?
10) How to test a Captcha integrated application?
11) Last but not least, ‘How to secure Spring Boot Application by Captcha Validation?’. In a nutshell, a spring boot captcha example.
What is Captcha?
CAPTCHA is an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart”. It is a type of challenge–response test to determine whether the user is human or not. Basically, a Captcha is a tool to differentiate between human users and automated users such as bots. It presents a test that is easy for a human being to perform but relatively difficult for a computer program. For example, recognizing elongated letters or numbers, or clicking on an area with a specific image.
What are CAPTCHAs Used for?
Primarily, any website or application that wants to block usage by computer programs such as bots uses Captcha. Some other uses include:
1) We can use Captcha to prevent bots from spamming the registration process, where they can even create dummy and fake accounts.
2) We can use Captcha to prevent bots from spamming contact forms on the website.
3) Captcha can also prevent bots from spamming reviews on websites.
4) In addition, a ticketing application can use captcha. It can limit agents from purchasing a huge number of tickets for resale.
What are the different types of captcha?
This is one of the simple and popular types of Captcha, in which a math problem appears on the website. For example, a user may have to solve a given math problem such as “1+3” and enter the answer. This can be difficult for a bot to solve and answer, which makes this type of CAPTCHA more secure.
Text Based Problem
This type of CAPTCHA presents a simple text problem to the user. These CAPTCHAs can use known words or phrases, or random combinations of digits and letters. They may also mix lower and upper case letters. The user may be asked to retype the text exactly as it is.
Social Media Sign In
Another way to offer CAPTCHA is to have users sign in using their Facebook, Google, Instagram, LinkedIn or other social media account. This also means that the user is verified to sign in without having to enter any information. A strong point of having a website linked to social media accounts is that bots can’t sign in because they don’t have a social media account to use.
Audio CAPTCHAs are an alternative that grants accessibility to visually impaired users. They offer an audio recording of a sequence of letters or numbers. The user needs to listen to the audio and then enter the same sequence.
Time Based CAPTCHA
This type of CAPTCHA also has an easy way to identify whether it is a human user or a bot. It records the amount of time it takes a user to fill out their information on a form. A human user will probably take a bit of time to fill out a form. Bots, on the other hand, will fill out a form almost like a shot.
No CAPTCHA ReCAPTCHA
This type of CAPTCHA has been created by Google. Sometimes, in short, we call it Google reCAPTCHA. The task for the user is to click on a box stating, “I am not a robot”. On a phone or in mobile apps, it could also involve tapping the box with a finger rather than clicking with the mouse.
This type of CAPTCHA asks users to follow some kind of instruction and match images. For example, they might be instructed to, “Click on each image that has a street light sign in it”.
It asks the user to perform some kind of task in which they move or match items to one another. An example would be showing an image of a box with other images next to it. The CAPTCHA will ask the user to place the ball into the box to verify their human nature.
How to secure Spring Boot Application by Captcha Validation?
We will start by creating a User Registration form. First, we will take three fields: User name, User Email and a Captcha field. Further, we will declare two more supporting fields for captcha. We will implement the most popular type, the text based captcha. If the user enters the correct value shown in the Captcha image, the registration process will proceed. On successful registration, a page with a list of all users will appear. Let’s do the whole implementation step by step.
What all Tools/Technologies used in this example project?
Below is the list of tools/technologies that we have used in our spring boot captcha example.
♦ STS (Spring Tool Suite) : Version-> 4.7.1.RELEASE
♥ Dependent Starters : Spring Web, Thymeleaf, Spring Data JPA, H2 Database, Lombok, Spring Boot DevTools
♦ JDK8 or later versions (Extensively tested on JDK8, JDK11 and JDK14)
Step#1: Creating Spring Boot Application using STS
While creating the Starter Project, select ‘Spring Web’, ‘Thymeleaf’, ‘Spring Data JPA’, ‘H2 Database’, ‘Lombok’ and ‘Spring Boot DevTools’ as starter project dependencies. If you don’t know how to create a Spring Boot Starter Project, kindly visit Internal Link. Also, if you want to know more about Lombok, then visit the separate article on ‘Lombok’.
Step#1A: Add Captcha related dependencies in pom.xml
Furthermore, in order to get Captcha features, you need to add two dependencies in your pom.xml. You can find an open source Java library from here.
<!-- https://mvnrepository.com/artifact/cn.apiclub.tool/simplecaptcha -->
<dependency>
    <groupId>cn.apiclub.tool</groupId>
    <artifactId>simplecaptcha</artifactId>
    <version>1.2.2</version> <!-- we have to manage version here -->
</dependency>
<!-- https://mvnrepository.com/artifact/javax.xml.bind/jaxb-api -->
<dependency>
    <groupId>javax.xml.bind</groupId>
    <artifactId>jaxb-api</artifactId>
</dependency>
Step#2 : Update database properties in application.properties file
Update application.properties to connect to the H2 Database accordingly. Please note that here we are using the H2 in-memory database. However, you can use any other DB as per your requirement. For example, the file will look like the one below.
# application.properties
# ---------------------------------------------
server.port=8080
spring.jpa.show-sql=true
# H2 web console: convenient for this demo, keep it disabled outside local development
spring.h2.console.enabled=true
spring.datasource.url=jdbc:h2:mem:captchadb
Step#3 : Create User Entity & Repository interface
Now create User.java & UserRepository.java as we usually do in a simple user registration flow.
Step#4 : Create Service Interface & Service Implementation class
Create Service Interface and Service Impl class as IUserService.java and UserServiceImpl.java accordingly as shown below.
Step#5 : Create a Utility class to generate Captcha
This class will create a captcha and encode it in a binary string form. We will name it CaptchaUtil.java as below.
♥ Please remember that this class is the heart of all our code: it is what lets us implement the functionality related to Captcha.
Step#6 : Create a UserController class
Subsequently, write a controller class for User as ‘UserController.java’ which will control the user registration page.
Step#7 : Write UI pages(Thymeleaf)
Below are the .html files for UI pages. We have only two pages registerUser.html and listUsers.html. Now place these pages inside ‘src/main/resources/templates’ folder accordingly. Here we have also used bootstrap for page designing.
How to test the application?
1) Start the application : Right click on the project, then select ‘Run As’ >> ‘Spring Boot App’.
2) Enter the registration page URL http://localhost:8080/user/register into the browser.
3) Fill up the values in the fields including captcha and click on the ‘Register’ button accordingly.
4) If you fill in the correct value of captcha, you will be redirected to the User List page. You can see the details of the registered user. Further, to register another user you can click on the ‘ADD USER’ button.
5) If you don’t fill in the value of captcha or fill in the wrong value, you will get an ‘Invalid Captcha’ message at the footer of the form.
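The behaviour in points 4 and 5, as an added example that is not the article's UserController or CaptchaUtil: the expected answer stays on the server, works once, and expires. The names CaptchaCheck, issue and verify, the two-minute lifetime, the self-generated answer (standing in for the one the captcha library produces) and the in-memory map standing in for the HTTP session are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example (hypothetical names): the expected answer never leaves the server.
public class CaptchaCheck {
    private static final String ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"; // no 0/O or 1/I
    private static final Duration TTL = Duration.ofMinutes(2);   // assumed lifetime
    private static final SecureRandom RNG = new SecureRandom();

    private static final class Challenge {
        final String answer; final Instant expires;
        Challenge(String answer, Instant expires) { this.answer = answer; this.expires = expires; }
    }
    // Stands in for per-user HTTP session storage in a real web application.
    private final Map<String, Challenge> bySession = new ConcurrentHashMap<>();

    // Creates a fresh answer for this session; only its rendered image goes to the browser.
    public String issue(String sessionId) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 6; i++) sb.append(ALPHABET.charAt(RNG.nextInt(ALPHABET.length())));
        bySession.put(sessionId, new Challenge(sb.toString(), Instant.now().plus(TTL)));
        return sb.toString();
    }

    // Accepts only a non-empty, unexpired, exact match. Every attempt consumes the challenge.
    public boolean verify(String sessionId, String submitted) {
        Challenge c = bySession.remove(sessionId);            // single use: no replay, no retry
        if (c == null || submitted == null || submitted.trim().isEmpty()) return false;
        if (Instant.now().isAfter(c.expires)) return false;
        return MessageDigest.isEqual(c.answer.getBytes(StandardCharsets.UTF_8),
                submitted.trim().getBytes(StandardCharsets.UTF_8)); // constant-time comparison
    }

    public static void main(String[] args) {
        CaptchaCheck captcha = new CaptchaCheck();
        String sid = "session-A";                              // constructed session id
        String answer = captcha.issue(sid);
        System.out.println("empty accepted:    " + captcha.verify(sid, ""));
        System.out.println("replayed accepted: " + captcha.verify(sid, answer));
        captcha.issue(sid);
        System.out.println("wrong accepted:    " + captcha.verify(sid, "not-it"));
        System.out.println("correct accepted:  " + captcha.verify(sid, captcha.issue(sid)));
    }
}
```

Because a failed attempt removes the stored challenge, the registration page has to request a new captcha each time it is shown again after an ‘Invalid Captcha’ message.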
How to verify the registered users in H2 DB?
1) To see the H2-DB console, type http://localhost:8080/h2-console/ into a new browser window.
2) Enter JDBC URL value as ‘jdbc:h2:mem:captchadb’
3) Now click on the ‘connect’ button.
4) Finally, run the query ‘select * from user’. You will get the expected results.
♥ Please note that this is an in-memory DB. Therefore, values will persist in the DB only while the session is valid. As mentioned earlier, you can also use another DB as per your requirement.
After going through all the theoretical and example parts of ‘How to secure Spring Boot Application by Captcha Validation?’, we are finally able to implement Captcha security in a Spring Boot project. Similarly, we expect you to further extend this spring boot captcha example and implement it in your project accordingly. In order to learn validation using Google reCAPTCHA in Spring Boot, kindly visit Google reCAPTCHA validation in Spring Boot. You can also check more details on Captcha integration from here. In addition, if there is any update in future, we will update the article accordingly. Moreover, feel free to provide your comments in the comments section below.