Wednesday, January 7, 2009

Captcha with Grails: ReCapcha versus the Acegi Captcha Controller

On the NEJUG website I was recently forced to add Captcha and some other logic to reduce the number of garbage entries for meeting event registrations. The site was getting a huge number of bounce back emails, which caused our hosting provider and some major free emailing services to get mad at us. After doing some data foresenics I found that one cause of the problem was random looking data for email addresses and names. To get back into the good graces with both the Hosting provider and the free emailing service, something had to be done, and the first thing which came to mind was to implement one of those Captcha inputs which are appearing all over the net.

Looking to take the simplest approach to resolving this problem, and seeing that Captcha was already present with the ACEGI Grails plugin we were already using, it seemed to make sense to just use it and avoid an additional set of libraries. So I spent an evening modifying all of the public facing input pages; it looked good! Then I tried to functionally test the CAPTCHA enabled pages...Yuch! What a mistake that was. I was tempted to just go in and change the CaptchaController source so my Webtest based test could access the Captcha value in session memory. But If I did that then I would have to update the Controller each time the ACEGI Grails plugin was updated. On so many fronts that seemed like a bad idea. Over a month later, and several bugs discovered by NEJUG members because of inadequate testing :(, I decided to try the Grails ReCaptcha plugin.

For those of you unfamiliar with ReCaptcha it is a set of APIs created by Carnegie Mellon SEI to provide Captcha support for web applications. Use of the ReCaptcha APIs is free, but you do have to create an account in order to get a public and private key which are necessary to invoke the ReCaptcha service. One other important thing to note, is use of ReCaptcha will cause your application to call the ReCaptcha service which could be an issue for those of you who do not like your applications to cross domain boundaries.

Honestly, at first glance ReCaptcha looked like a waste of time. The Captcha input box looked bulky and I really did not want to put a graphic icon on my pages saying "Stop Spam, Read Books"; even if I agreed with the general idea. There was slightly more coding and HTML Tags to call. is possible to turn off ReCaptcha for development testing!!!!!! All of a sudden ReCaptcha won the comparison between the two Grails Captcha plugins. I immediately deployed ReCaptcha for the Registration page. ReCaptcha is also ADA Section 508(c) compatible! This means you will pass an accessibility test if you use ReCaptcha instead of many of the other Captcha implementations out there. In short, ReCaptcha user experience is easier for most users for two reasons; (1) the APIs can read the Captcha code on your computer's speaker, (2) you can select a different captcha if the current displayed one is unreadable. With these two features plus testability, I was sold with ReCaptcha!

Adding ReCaptcha support to your Grails based application is as simple as following the instructions on the Grails ReCaptcha plugin home page.

In short, the steps you will need to follow are:
  • Install the Grails Captcha Plugin with the command line instruction; grails install-plugin recaptcha

  • Create a ReCaptcha account.
  • Save the private and public keys for reference and use in your application.

  • Paste the private and public keys into the ReCapchaCongfig.groovy file provided with the plugin

  • Make certain that ReCaptcha is disabled ("enabled = false")for any environment in which you plan to do any functional or controller based testing. Unless of course you just want to see view the Captcha information on your web pages.

  • Modify your controller to call ("recaptchaService.verifyAnswer()") for any save/update style method which processes HTML form input. The plugin documentation has a good example for this step.

  • Your last step is to choose a skin and add the ReCaptcha GSP Tags as supplied and documented by the plugin.

    Gaurav said...

    Thanks mate.... It helped me implement captcha in my grails project in less than 15mins :-)

    You helped me save some good amount of time

    J. Roberto Leon Cruz said...

    hi, here an example