Yuta's Weblog


Friday, August 18, 2006

Captcha in Petstore 2.0

Although captcha has some issues, such as accessibility, it is widely used in many web applications to separate human and computer activity. (For a detailed explanation of captcha, take a look at the Wikipedia entry.) There are many implementations available for various languages to incorporate this mechanism into your web application. It's also very easy to do with Java EE 5 and AWT, and in fact the latest release of Petstore 2.0 from the Java BluePrints group has this functionality in its fileupload component. It looks like this.

[Image: captcha usage]



Parts

This mechanism consists of the following resources.

  1. Captcha generator servlet
    This servlet creates the captcha image with a random string and puts that string into the HttpSession object for later reference.
    Creating the image dynamically is very simple. Although the code in Petstore 2.0 has a few more twists, like drawing lines as noise and scattering characters within the box, it essentially does:

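      import java.awt.*;
      import java.awt.image.BufferedImage;

      BufferedImage bufferImg = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
      Graphics g = bufferImg.getGraphics();
      // Fill the whole box with the background color
      g.setColor(backgroundColor);
      g.fillRect(0, 0, width, height);
      // Draw the random string in gray, bold-italic Arial
      g.setFont(new Font("Arial", Font.BOLD | Font.ITALIC, 30));
      g.setColor(Color.GRAY);
      // drawString takes the x coordinate and the baseline y coordinate of the text
      g.drawString(message, startPosition, endPosition);
      g.dispose();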
    

    Also, after creating this image, it applies a filter that converts the color to a bluish one. This filter step is there for a developer who wants to add another kind of filter, such as one for distortion.
    The class which generates the image and is used by the servlet can be seen here on java.net.

  2. Captcha validation filter
    This is a very simple filter which compares the user input (with session id) with the string stored in the HttpSession object. When they match, it just passes the request on to the originally requested resource; otherwise it generates an error message in JSON and sends it back to the client.
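
A sketch of such a validation filter, added here as an example and not taken from the Petstore 2.0 source. The class name, the session attribute `captchaString`, the form field `captchaInput` and the 403 status are assumptions, and it assumes the answer arrives as an ordinary request parameter. It also consumes the stored string on every attempt so an answer cannot be replayed.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: the names below (class, attribute, parameter) are
// assumptions, not taken from Petstore 2.0.
public class CaptchaCheckFilter implements Filter {
    static final String SESSION_KEY = "captchaString"; // set by the generator servlet (assumed name)
    static final String PARAM = "captchaInput";        // form field with the user's answer (assumed name)

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Never create a session here: no session means no captcha was issued.
        HttpSession session = request.getSession(false);
        String expected = null;
        if (session != null) {
            expected = (String) session.getAttribute(SESSION_KEY);
            // Single use: consume the stored string before comparing, so a
            // solved or failed answer cannot be replayed on a later request.
            session.removeAttribute(SESSION_KEY);
        }

        if (matches(expected, request.getParameter(PARAM))) {
            chain.doFilter(req, res); // pass through to the requested resource
            return;
        }
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        response.setContentType("application/json");
        response.setCharacterEncoding("UTF-8");
        response.getWriter().write("{\"error\":\"captcha mismatch\"}");
    }

    // Missing values never match; the comparison itself is constant-time.
    static boolean matches(String expected, String supplied) {
        if (expected == null || supplied == null) return false;
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     supplied.getBytes(StandardCharsets.UTF_8));
    }
}
```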

Next Challenge

So what's next? Perhaps I should create a JavaServer Faces component for captcha. Creating the component itself is relatively easy. They are just <h:outputText>, <h:graphicImage>, and <h:outputText> with attributes to specify the size, color, etc. The problem is the transaction for validation. Yes, we can do dynamic validation on only the client side with AJAX; however, the logic to validate has to be associated with the process of the actual form submission. Even if we did client-side dynamic validation, the "proof" of validation still must be stored somewhere on the server side, otherwise people can mimic the form submission. That means a developer needs to implement some logic in his or her web application even with a JSF component. Well, I guess I need to think about this a little more...

Posted by yuta (August 18, 2006, 11:35:58 AM PDT)



This is a personal weblog, I do not speak for my employer.