Integrating Captcha with Spring Security

Question

What is appropriate way to integrate SpringSecurity with Capcha ?

I have following use case : When user will tries to login, if we he failed to login N times, captcha will be displayed, so authentication will be using three parameters : username, password, captcha. But Spring Security doesn't support built in Captcha handling.

I just start thinking about implementation. And have following variants:

• Adding separate security filter in Spring Security filter stack,
• Entirely rewrite AuthenticationProcessingFilter to support some Captcha
• Use some programmatic authentication with interception captcha logic and then transfering username and password to Spring Security

As a Captcha implementation I think about JCaptcha, but what your thougths?

Answer 1

As an alternative to using JCaptcha, if you'd like to use the reCAPTCHA Service on your site, then check out the free Section 4.4 (direct PDF link) of the new Spring in Practice book (currently in beta).

This shows you integration with Spring MVC and Spring Validation. Since the integration is on the front-end, w/external APIs, Spring Security doesn't really come into the picture here.

I am not sure what your use case is? Are you hoping to use captchas as an alternative to authentication to prove "human"-ness?