Looking to take the simplest approach to resolving this problem, and seeing that Captcha was already present with the ACEGI Grails plugin we were already using, it seemed to make sense to just use it and avoid an additional set of libraries. So I spent an evening modifying all of the public facing input pages; it looked good! Then I tried to functionally test the CAPTCHA enabled pages...Yuch! What a mistake that was. I was tempted to just go in and change the CaptchaController source so my Webtest based test could access the Captcha value in session memory. But If I did that then I would have to update the Controller each time the ACEGI Grails plugin was updated. On so many fronts that seemed like a bad idea. Over a month later, and several bugs discovered by NEJUG members because of inadequate testing :(, I decided to try the Grails ReCaptcha plugin.
For those of you unfamiliar with ReCaptcha it is a set of APIs created by Carnegie Mellon SEI to provide Captcha support for web applications. Use of the ReCaptcha APIs is free, but you do have to create an account in order to get a public and private key which are necessary to invoke the ReCaptcha service. One other important thing to note, is use of ReCaptcha will cause your application to call the ReCaptcha service which could be an issue for those of you who do not like your applications to cross domain boundaries.
Honestly, at first glance ReCaptcha looked like a waste of time. The Captcha input box looked bulky and I really did not want to put a graphic icon on my pages saying "Stop Spam, Read Books"; even if I agreed with the general idea. There was slightly more coding and HTML Tags to call. BUT...it is possible to turn off ReCaptcha for development testing!!!!!! All of a sudden ReCaptcha won the comparison between the two Grails Captcha plugins. I immediately deployed ReCaptcha for the Registration page. ReCaptcha is also ADA Section 508(c) compatible! This means you will pass an accessibility test if you use ReCaptcha instead of many of the other Captcha implementations out there. In short, ReCaptcha user experience is easier for most users for two reasons; (1) the APIs can read the Captcha code on your computer's speaker, (2) you can select a different captcha if the current displayed one is unreadable. With these two features plus testability, I was sold with ReCaptcha!
Adding ReCaptcha support to your Grails based application is as simple as following the instructions on the Grails ReCaptcha plugin home page.
In short, the steps you will need to follow are: