Announcement Announcement Module
Collapse
No announcement yet.
reCaptcha issue with Spring MVC Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • reCaptcha issue with Spring MVC

    Hi

    I've been trying to integrate reCaptcha with my application built on Spring framework, but I am getting this error:

    Code:
    org.springframework.web.bind.MissingServletRequestParameterException: Required String parameter 'recaptcha_challenge_field' is not present
    Could someone help me understand that why am I getting this error. I've got both "recaptcha_challenge_field" and "recaptcha_response_field" parameters bound to the User domain object.

    Could anybody help me understand what am I missing?

    Thanks

  • #2
    Here is the code of the controller I am using, all I am trying to do is register a user with reCaptcha functionality but what I am getting is a http status 400 with the error
    Code:
    org.springframework.web.bind.MissingServletRequestParameterException: Required String parameter 'recaptcha_challenge_field' is not present
    :

    UserManagementController.java

    Code:
        @Controller
        public class UserManagementController {
        	private static final String RECAPTCHA_HTML = "reCaptchaHtml";
        	
        	@Autowired
        	private UserService userService;
        	
        	@Autowired
        	private ReCaptcha reCaptcha;
        
        	@RequestMapping(method=RequestMethod.GET, value="/addNewUser.do")
        	public ModelAndView addNewUser() {
        		User user = new User();
        		String html = reCaptcha.createRecaptchaHtml(null, null);
        		
        		ModelMap modelMap = new ModelMap();
        		modelMap.put("user", user);
        		modelMap.put(RECAPTCHA_HTML, html);
        		
        		return new ModelAndView("/addNewUser", modelMap);
        	}
        	
        	@RequestMapping(method=RequestMethod.POST, value="/addNewUser.do")
        	public String addNewUser(@Valid  User user, BindingResult result, 												
        												@RequestParam("recaptcha_challenge_field") String challenge,
        												@RequestParam("recaptcha_response_field") String response,
        												HttpServletRequest request,												
        												Model model) {
        		
        		verifyBinding(result);
        		String remoteAddr = request.getRemoteAddr();
        	    ReCaptchaResponse reCaptchaResponse = reCaptcha.checkAnswer(remoteAddr, challenge, response);
        		if (!reCaptchaResponse.isValid()) {
        			result.rejectValue("captcha", "errors.badCaptcha");
        			}
        		
        		model.addAttribute("user", user);
        		if (result.hasErrors()) {
        			result.reject("form.problems");
        			return "addNewUser";
        		}
        		return "redirect:showContent.do";
        	}
        
        	@InitBinder
        	public void initBinder(WebDataBinder binder) {
        		binder.setAllowedFields(new String[] { 
        			"firstName", "lastName", "email",
        			"username", "password", "recaptcha_challenge_field", "recaptcha_response_field"
        		});
        	}
        	
        	private void verifyBinding(BindingResult result) {
        		String[] suppressedFields = result.getSuppressedFields();
        		if (suppressedFields.length > 0) {
        			throw new RuntimeException("You've attempted to bind fields that haven't been allowed in initBinder(): " 
        					+ StringUtils.join(suppressedFields, ", "));
        		}
        	}
        }
    Here is the addNewUser.jsp element on the form page for the above controller:

    Code:
    			<tr>
    				<td>Please prove you're a person</td>
    				<td>${reCaptchaHtml}</td>
    				<td><form:errors path="captcha" cssStyle="color:red"></form:errors></td>
    			</tr>
    Could someone help me with it?

    Thanks.

    Comment


    • #3
      This won't work. Spring Web MVC has its own internal mechanism to handle low-level web objects like session, request and their interactions, hiding them from the developer which works with an higher level of abstraction (annotations and form: elements). This works fine provided you never "break" the mechanism by trying to handle low level objects yourself or letting other frameworks do it. In your case, you are generating html fragments with recaptcha and passing them directly to the page; these fragments handle the request (and maybe also the session) in their own peculiar way and this most probably breaks the integrity of the Spring web mvc flow. I'd do a quick search to see if there is an already implemented support / integration between Spring Web MVC and ReCaptcha; if yes, use it; if not, then it's best if you abandon recaptcha in favor of a solution that can integrate well with Spring.

      Comment


      • #4
        Hi Enrico, thanks for reply. Yeah I removed the
        Code:
        @RequestParam("recaptcha_challenge_field") String challenge
        and
        Code:
        @RequestParam("recaptcha_response_field") String response
        and tried
        Code:
        String challenge = (String) request.getAttribute("recaptcha_challenge_field")
        and
        Code:
        String response = (String) request.getAttribute("recaptcha_response_field")
        , what I found was that I was getting null value for both recaptcha_response_field and recaptcha_response_field.

        I'll try some other captcha to get integrated with Spring MVC. It would be helpful if you cud tell me about the one that you think I should use.

        Thanks for reply

        Comment


        • #5
          I'm by no means an expert when it comes to captcha but googling around I found that JCaptcha seems to integrate easily with Spring...maybe that could be worth exploring.

          Comment


          • #6
            Hi Enrico, I am trying to integrate jCaptcha only. Thanks

            Comment


            • #7
              Hi Enrico, I've got jCaptcha working, but I m still missing reCaptcha as I had it working with spring 2.5 sometime ago, wonder what am I missing this time with Spring 3.

              Thanks

              Comment


              • #8
                @skipskipping, I'm not sure if this would help you. I've prepared a guide for integrating reCAPTCHA with Spring Security and Spring MVC.

                Spring Security 3: Integrating reCAPTCHA Service at http://krams915.blogspot.com/2011/02...recaptcha.html

                It might be an overkill since your use case requires only reCAPTCHA and Spring MVC. It shouldn't be that difficult though if you're just using MVC

                Comment


                • #9
                  Hi skram,

                  we tried to integrate the recaptcha code with our existing spring security. we are doing sf:form validation for user name and passwords. It goes to a controller. We have added the custom filter for captcha in xml file. But still the flow does not go to captchaFilter. Should we invoke captchafilter from our controller.Ideally it should have been taken care by spring security xml.
                  This is the code which would be invoked after user clickin on signup. SHould we include any code for invoking captchafilter here? PLs advise
                  if(appUserInDB == null) {
                  userService.signupUser(appUser);

                  }
                  else {
                  message = "User with " +appUser.getUserId()+ " already exists";
                  }

                  Comment

                  Working...
                  X