mkopylec / Recaptcha Spring Boot Starter
Licence: apache-2.0
Spring Boot starter for Google's reCAPTCHA
Stars: ✭ 103
Programming Languages
java
68154 projects - #9 most used programming language
Projects that are alternatives of or similar to Recaptcha Spring Boot Starter
Awbeci Ssb
spring spring-boot spring-security spring-social
Stars: ✭ 102 (-0.97%)
Mutual labels: spring-boot, spring
Spring Boot Shopping Cart
Simple shopping cart web app made using Spring Boot + Thymeleaf
Stars: ✭ 85 (-17.48%)
Mutual labels: spring-boot, spring
Spring Cloud Cloudfoundry
Integration between Cloudfoundry and the Spring Cloud APIs
Stars: ✭ 83 (-19.42%)
Mutual labels: spring-boot, spring
Easyfxml
A collection of tools and libraries for easier development on the JavaFX platform!
Stars: ✭ 102 (-0.97%)
Mutual labels: spring-boot, spring
Reactive Spring Security 5 Workshop
Hands-On workshop for securing a reactive spring boot 2 application in multiple steps
Stars: ✭ 92 (-10.68%)
Mutual labels: spring-boot, spring
Hex Arch Kotlin Spring Boot
Reference JVM multi module project for a reactive micro service and lambda using a hexagonal architecture, DDD, Kotlin, Spring Boot, Quarkus, Lambda, Gradle.
Stars: ✭ 83 (-19.42%)
Mutual labels: spring-boot, spring
Deploy Spring Boot Aws Eb
Deploying Spring Boot Apps to AWS using Elastic Beanstalk
Stars: ✭ 79 (-23.3%)
Mutual labels: spring-boot, spring
Java Spring Web
OpenTracing Spring Web instrumentation
Stars: ✭ 89 (-13.59%)
Mutual labels: spring-boot, spring
Spring Boot Style Guide
An opinionated guide on developing web applications with Spring Boot.
Stars: ✭ 88 (-14.56%)
Mutual labels: spring-boot, spring
Hooman
http interceptor to hoomanize cloudflare requests
Stars: ✭ 82 (-20.39%)
Mutual labels: captcha, recaptcha
Redisratelimiter
Redis Based API Access Rate Limiter
Stars: ✭ 80 (-22.33%)
Mutual labels: spring-boot, spring
Electron Vue Spring
An opinionated desktop application with web front-end and Java backend.
Stars: ✭ 83 (-19.42%)
Mutual labels: spring-boot, spring
Telegram Spring Boot Starter
Telegram Bot API Spring Boot Starter
Stars: ✭ 79 (-23.3%)
Mutual labels: spring-boot, spring
Spring Boot Mongodb Angular Todo App
A Sample App built using Spring Boot, Angular and MongoDB
Stars: ✭ 84 (-18.45%)
Mutual labels: spring-boot, spring
Rqueue
Rqueue aka Redis Queue [Task Queue, Message Broker] for Spring framework
Stars: ✭ 76 (-26.21%)
Mutual labels: spring-boot, spring
Spring Boot Jwt Demo
Simplest jwt demo with only 3 classes. Simple but product-level .
Stars: ✭ 86 (-16.5%)
Mutual labels: spring-boot, spring
Eureka Consul Adapter
This project contains a Spring Boot Starter that registers HTTP endpoints on a Spring Cloud Eureka server to support Prometheus's service discovery mechanism for Consul (<consul_sd_config>)
Stars: ✭ 93 (-9.71%)
Mutual labels: spring-boot, spring
reCAPTCHA Spring Boot Starter
To use the starter you will need a reCAPTCHA site key and a secret key. To get them go to the reCAPTCHA Home Page and set up your reCAPTCHA.
Installing
repositories {
mavenCentral()
}
dependencies {
compile group: 'com.github.mkopylec', name: 'recaptcha-spring-boot-starter', version: '2.3.1'
}
How to use
The starter can be used in 3 different modes:
Normal web application usage
Embed reCAPTCHA in HTML web page:
<html>
<head>
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
...
</head>
<body>
<form action="/" method="post">
<div class="g-recaptcha" data-sitekey="<your_site_key>"></div>
<input type="submit" value="Validate reCAPTCHA" />
</form>
</body>
</html>
Inject RecaptchaValidator into your controller and validate user reCAPTCHA response:
@Controller
public class MainController {
@Autowired
private RecaptchaValidator recaptchaValidator;
@PostMapping("/")
public void validateCaptcha(HttpServletRequest request) {
ValidationResult result = recaptchaValidator.validate(request);
if (result.isSuccess()) {
...
}
}
}
Set your secret key in application.yml file:
recaptcha.validation.secret-key: <your_secret_key>
Additional info
RecaptchaValidator provides couple of useful methods to validate reCAPTCHA response.
Spring Security web application usage
Add Spring Security dependency:
dependencies {
compile group: 'org.springframework.boot', name: 'spring-boot-starter-security', version: '2.1.6.RELEASE'
}
Embed reCAPTCHA in HTML login web page:
<html>
<head>
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
...
</head>
<body>
<form action="/login" method="post">
User: <input name="username" type="text" value="" />
Password: <input name="password" type="password" value="" />
<!--<if request has 'showRecaptcha' query param>-->
<div class="g-recaptcha" data-sitekey="<your_site_key>"></div>
<!--</if>-->
<input type="submit" value="Log in" />
</form>
</body>
</html>
Add reCAPTCHA support to your form login security configuration using FormLoginConfigurerEnhancer.
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private FormLoginConfigurerEnhancer enhancer;
@Override
protected void configure(HttpSecurity http) throws Exception {
enhancer.addRecaptchaSupport(http.formLogin()).loginPage("/login")
.and()
.csrf().disable()
...
}
}
Create custom login failures manager bean by extending LoginFailuresManager:
@Component
public class CustomLoginFailuresManager extends LoginFailuresManager {
public CustomLoginFailuresManager(RecaptchaProperties recaptcha) {
super(recaptcha);
}
...
}
Set your secret key in application.yml file:
recaptcha.validation.secret-key: <your_secret_key>
Additional info
After adding reCAPTCHA support to form login configuration you can only add AuthenticationSuccessHandler that extends
LoginFailuresClearingHandler and AuthenticationFailureHandler that extends LoginFailuresCountingHandler.
There can be 4 different query parameters in redirect to login page:
- error - credentials authentication error
- recaptchaError - reCAPTCHA authentication error
- showRecaptcha - reCAPTCHA must be displayed on login page
- logout - user has been successfully logged out
There is a default LoginFailuresManager implementation in the starter which is InMemoryLoginFailuresManager.
It is recommended to create your own LoginFailuresManager implementation that persists login failures in some storage.
Integration testing mode usage
Enable testing mode:
recaptcha.testing.enabled: true
Configure testing mode:
recaptcha.testing:
success-result: false
result-error-codes: INVALID_SECRET_KEY, INVALID_USER_CAPTCHA_RESPONSE
Additional info
In testing mode no remote reCAPTCHA validation is fired, the validation process is offline.
Configuration properties list
recaptcha:
validation:
secret-key: # reCAPTCHA secret key.
response-parameter: g-recaptcha-response # HTTP request parameter name containing user reCAPTCHA response.
verification-url: https://www.google.com/recaptcha/api/siteverify # reCAPTCHA validation endpoint.
timeout:
connect: 500ms # reCAPTCHA validation request connect timeout.
read: 1000ms # reCAPTCHA validation request read timeout.
write: 1000ms # reCAPTCHA validation request write timeout.
security:
failure-url: /login # URL to redirect to when user authentication fails.
login-failures-threshold: 5 # Number of allowed login failures before reCAPTCHA must be displayed.
continue-on-validation-http-error: true # Permits or denies continuing user authentication process after reCAPTCHA validation fails because of HTTP error.
testing:
enabled: false # Flag for enabling and disabling testing mode.
success-result: true # Defines successful or unsuccessful validation result, can be changed during tests.
result-error-codes: # Errors in validation result, can be changed during tests.
Examples
Go to reCAPTCHA Spring Boot Starter samples to view example applications.
License
reCAPTCHA Spring Boot Starter is published under Apache License 2.0.
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].