J2EE developer with over 7 years of experience in designing and implementing enterprise j2ee solutions based on open source technologies like Tapestry, Hibernate, Spring. Current interests include Tapestry, Plastic, Spock, Scala. Taha is a DZone MVB and is not an employee of DZone and has posted 40 posts at DZone. You can read more from them at their website. View Full User Profile

Tapestry : Using reCaptcha

  • submit to reddit

There is already Captcha support build-in for Tapestry5 but doing something from scratch is always fun in Tapestry. So in this post we are going to use reCaptcha with Tapestry5. There are two ways of integrating reCaptcha in your website. One way is to add it statically and other using Ajax. We are going to use the former case.

Please go through the instructions here before proceeding.

We first put the required static content in the form of a component

<t:container xmlns:t='http://tapestry.apache.org/schema/tapestry_5_1_0.xsd'>
    <script type="text/javascript"
        <iframe src="http://www.google.com/recaptcha/api/noscript?k=${publicKey}"
                height="300" width="500" frameborder="0"></iframe>
        <textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea>
        <input type="hidden" name="recaptcha_response_field"


public class ReCaptcha {
    @Parameter(defaultPrefix = BindingConstants.LITERAL, allowNull = false, required = true)
    private String privateKey;

    @Parameter(defaultPrefix = BindingConstants.LITERAL, allowNull = false, required = true)
    private String publicKey;

    private boolean valid;

    private String error;

    private FormSupport formSupport;

    private ComponentResources resources;

    private Request request;

    private HttpServletRequest servletRequest;

    private static final ComponentAction<ReCaptcha> PROCESS_SUBMISSION_ACTION = new

    private static final String RECAPTCHA_RESPONSE_FIELD = "recaptcha_response_field";

    private static final String RECAPTCHA_CHALLENGE_FIELD = "recaptcha_challenge_field";

    private static final String VERIFY_URL = "http://www.google.com/recaptcha/api/verify";

    void addProcessSubmissionAction() {
        if(formSupport == null){
           throw new RuntimeException(String.format(
                 "Component %s must be enclosed by a Form component.",

        formSupport.store(this, PROCESS_SUBMISSION_ACTION);

    private static class ProcessSubmissionAction implements ComponentAction<ReCaptcha> {
        public void execute(ReCaptcha component) {

    private void processSubmission() {
        String response = request.getParameter(RECAPTCHA_RESPONSE_FIELD);
        String challenge = request.getParameter(RECAPTCHA_CHALLENGE_FIELD);

        valid = verifyResponse(challenge, response, servletRequest.getRemoteAddr());

    private boolean verifyResponse(String challenge, String response, String ip) {
        Map<String, String> parameters = new HashMap<String, String>();

        parameters.put("privatekey", privateKey);
        parameters.put("challenge", challenge);
        parameters.put("response", response);
        parameters.put("remoteip", ip);
        error = post(parameters);

        return error == null;

    public String post(Map<String, String> parameters) {
        try {
            HttpURLConnection connection =
                (HttpURLConnection) new URL(VERIFY_URL).openConnection();
            String data = "";

            for(String key : parameters.keySet()) {
                data += key + "=" + parameters.get(key) + "&";


            PrintWriter writer = new PrintWriter(connection.getOutputStream());


            BufferedReader reader = new BufferedReader(
                new InputStreamReader(connection.getInputStream()));

            String status = reader.readLine();
            String error = null;

            if("false".equalsIgnoreCase(status)) {
                error = reader.readLine();

            return error;

        } catch(Exception ex) {
            throw new RuntimeException("Could not post to : " + VERIFY_URL, ex);


The important thing here to notice is that we need to process the submitted values. For that we inject FormSupport and store a ComponentAction into it. This action is executed on submission. Our action(ProcessionSubmissionAction) just executes processSubmission() method which in turn gets the submitted values and sends them as a POST request to the verification url.

The verification url returns first line as “true” or “false” depending upon whether the match was found or not. The second line is an error in case there is a mismatch.

The private key and public key are passed as arguments. Alternatively these can be set as Factory Defaults.

Usage is simple. Include it in your template inside a form.

<form t:type='form' t:id='myForm'>

   <div t:type='recaptcha' publickey='my_public_key'
        privatekey='my_private_key' valid='captchaValid'></div>


and then validate in your class.

private boolean captchaValid;

OnEvent(value = "validate", component = "myForm")
void validate(){
      throw ValidationException("Captcha did not match");


From http://tawus.wordpress.com/2011/10/14/tapestry-using-recaptcha/

Published at DZone with permission of Taha Siddiqi, author and DZone MVB.

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)


Amara Amjad replied on Sun, 2012/03/25 - 3:01am

Thanks a lot,
It works well for me. I just replace variables my_public_key and my_private_key with syntas like ${my_public_key}.
By the way do you know if it is ok to put the private key in the .tml file ? I preferred to use @property instead.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.