A captcha is an image with some modified text on it. They're usually used to prevent automated scripts from accessing certain parts of your site. For example, you'd add a captcha on a wiki edit page or a forum reply page so a spammer doesn't make a bunch of fake content on your site. You can find a detailed explanation and screenshots here: http://en.wikipedia.org/wiki/Captcha.

This page will teach you how to add a captcha to your site by using reCAPTCHA. reCAPTCHA is a free (and ad-free) widget that will generate captchas for you.

First things first; you will need to sign up for a reCAPTCHA account. Don't worry, this is very straightforward. Sign up for an account here: http://recaptcha.net/whyrecaptcha.html. After you sign up, you will be given a public and a private key. Write these down because you'll need them later.

The second thing you'll want to do is download a reCAPTCHA library that simplifies using the reCAPTCHA API in java. You can download that here: http://code.google.com/p/recaptcha/downloads/list. Download the zip that says "for Java". Extract the jar and put it in your classpath.

Now for some code. Add this to your ActionBean:

 
public String getReCaptchaHtml() { 
ReCaptcha recaptcha = createReCaptcha(); 
return recaptcha.createRecaptchaHtml("You did not type the captcha correctly", new Properties()); 
} 

private ReCaptcha createReCaptcha() { 
String publicKey = //your public key 
String privateKey = //your private key 
return ReCaptchaFactory.newReCaptcha(publicKey, privateKey, true); 
}

With this, we can add the reCAPTCHA widget to our JSP like so:

 
${actionBean.reCaptchaHtml}

But one thing remains: We don't have a way to tell if the user submitted the correct value. Lets assume the method that gets called on submit is named "submit". Here's how you would add a validation method that ensures that the captcha code was entered correctly:

 
@ValidationMethod(on = "submit") 
public void captchaValidation(ValidationErrors errors) { 
ReCaptchaResponse response = createReCaptcha().checkAnswer(context.getRequest().getRemoteAddr(),
context.getRequest().getParameter("recaptcha_challenge_field"),
context.getRequest().getParameter("recaptcha_response_field"));
if (!response.isValid()) { 
errors.add("Captcha", new SimpleError("You didn't type the captcha correctly!")); 
} 
}

This will give you a completely functional captcha.