Announcement Announcement Module
No announcement yet.
reCaptcha issue with Spring MVC Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • reCaptcha issue with Spring MVC


    I've been trying to integrate reCaptcha with my application built on Spring framework, but I am getting this error:

    org.springframework.web.bind.MissingServletRequestParameterException: Required String parameter 'recaptcha_challenge_field' is not present
    Could someone help me understand that why am I getting this error. I've got both "recaptcha_challenge_field" and "recaptcha_response_field" parameters bound to the User domain object.

    Could anybody help me understand what am I missing?


  • #2
    Here is the code of the controller I am using, all I am trying to do is register a user with reCaptcha functionality but what I am getting is a http status 400 with the error
    org.springframework.web.bind.MissingServletRequestParameterException: Required String parameter 'recaptcha_challenge_field' is not present

        public class UserManagementController {
        	private static final String RECAPTCHA_HTML = "reCaptchaHtml";
        	private UserService userService;
        	private ReCaptcha reCaptcha;
        	@RequestMapping(method=RequestMethod.GET, value="/")
        	public ModelAndView addNewUser() {
        		User user = new User();
        		String html = reCaptcha.createRecaptchaHtml(null, null);
        		ModelMap modelMap = new ModelMap();
        		modelMap.put("user", user);
        		modelMap.put(RECAPTCHA_HTML, html);
        		return new ModelAndView("/addNewUser", modelMap);
        	@RequestMapping(method=RequestMethod.POST, value="/")
        	public String addNewUser(@Valid  User user, BindingResult result, 												
        												@RequestParam("recaptcha_challenge_field") String challenge,
        												@RequestParam("recaptcha_response_field") String response,
        												HttpServletRequest request,												
        												Model model) {
        		String remoteAddr = request.getRemoteAddr();
        	    ReCaptchaResponse reCaptchaResponse = reCaptcha.checkAnswer(remoteAddr, challenge, response);
        		if (!reCaptchaResponse.isValid()) {
        			result.rejectValue("captcha", "errors.badCaptcha");
        		model.addAttribute("user", user);
        		if (result.hasErrors()) {
        			return "addNewUser";
        		return "";
        	public void initBinder(WebDataBinder binder) {
        		binder.setAllowedFields(new String[] { 
        			"firstName", "lastName", "email",
        			"username", "password", "recaptcha_challenge_field", "recaptcha_response_field"
        	private void verifyBinding(BindingResult result) {
        		String[] suppressedFields = result.getSuppressedFields();
        		if (suppressedFields.length > 0) {
        			throw new RuntimeException("You've attempted to bind fields that haven't been allowed in initBinder(): " 
        					+ StringUtils.join(suppressedFields, ", "));
    Here is the addNewUser.jsp element on the form page for the above controller:

    				<td>Please prove you're a person</td>
    				<td><form:errors path="captcha" cssStyle="color:red"></form:errors></td>
    Could someone help me with it?



    • #3
      This won't work. Spring Web MVC has its own internal mechanism to handle low-level web objects like session, request and their interactions, hiding them from the developer which works with an higher level of abstraction (annotations and form: elements). This works fine provided you never "break" the mechanism by trying to handle low level objects yourself or letting other frameworks do it. In your case, you are generating html fragments with recaptcha and passing them directly to the page; these fragments handle the request (and maybe also the session) in their own peculiar way and this most probably breaks the integrity of the Spring web mvc flow. I'd do a quick search to see if there is an already implemented support / integration between Spring Web MVC and ReCaptcha; if yes, use it; if not, then it's best if you abandon recaptcha in favor of a solution that can integrate well with Spring.


      • #4
        Hi Enrico, thanks for reply. Yeah I removed the
        @RequestParam("recaptcha_challenge_field") String challenge
        @RequestParam("recaptcha_response_field") String response
        and tried
        String challenge = (String) request.getAttribute("recaptcha_challenge_field")
        String response = (String) request.getAttribute("recaptcha_response_field")
        , what I found was that I was getting null value for both recaptcha_response_field and recaptcha_response_field.

        I'll try some other captcha to get integrated with Spring MVC. It would be helpful if you cud tell me about the one that you think I should use.

        Thanks for reply


        • #5
          I'm by no means an expert when it comes to captcha but googling around I found that JCaptcha seems to integrate easily with Spring...maybe that could be worth exploring.


          • #6
            Hi Enrico, I am trying to integrate jCaptcha only. Thanks


            • #7
              Hi Enrico, I've got jCaptcha working, but I m still missing reCaptcha as I had it working with spring 2.5 sometime ago, wonder what am I missing this time with Spring 3.



              • #8
                @skipskipping, I'm not sure if this would help you. I've prepared a guide for integrating reCAPTCHA with Spring Security and Spring MVC.

                Spring Security 3: Integrating reCAPTCHA Service at

                It might be an overkill since your use case requires only reCAPTCHA and Spring MVC. It shouldn't be that difficult though if you're just using MVC


                • #9
                  Hi skram,

                  we tried to integrate the recaptcha code with our existing spring security. we are doing sf:form validation for user name and passwords. It goes to a controller. We have added the custom filter for captcha in xml file. But still the flow does not go to captchaFilter. Should we invoke captchafilter from our controller.Ideally it should have been taken care by spring security xml.
                  This is the code which would be invoked after user clickin on signup. SHould we include any code for invoking captchafilter here? PLs advise
                  if(appUserInDB == null) {

                  else {
                  message = "User with " +appUser.getUserId()+ " already exists";