1

I seem to be having an issue with implementing a reCaptcha test on my page which I developed using Adobe's CQ5.

I have a reCaptcha component set up which consists of 2 .jsp files, one for displaying the captcha form and another for verification.

Here's what they look like

reCaptcha.jsp:

`

<%@include file="/libs/foundation/global.jsp"%>
<%
%>

<%@ page import="net.tanesha.recaptcha.ReCaptcha"%>
<%@ page import="net.tanesha.recaptcha.ReCaptchaFactory"%>
<html>
<body>
<form action="reCaptchaValidation.POST.jsp" method="post"><script
    type="text/javascript"
    src="http://www.google.com/recaptcha/api/challenge?k=public_key">
    </script>
<noscript><iframe
    src="http://www.google.com/recaptcha/api/noscript?k=public key"
    height="300" width="500" frameborder="0"></iframe><br>
<textarea name="recaptcha_challenge_field" rows="3" cols="40">
       </textarea> <input type="hidden" name="recaptcha_response_field"
    value="manual_challenge"></noscript>
</body>
</html>

`

and here's my validation file reCaptcha.POST.jsp

  <%@include file="/libs/foundation/global.jsp"%>
<%
%>

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<%@ page import="net.tanesha.recaptcha.ReCaptchaImpl"%>
<%@ page import="net.tanesha.recaptcha.ReCaptchaResponse"%>
<html>
<body>
<%
       String remoteAddr = request.getRemoteAddr();
       ReCaptchaImpl reCaptcha = new ReCaptchaImpl();
       reCaptcha.setPrivateKey("PRIVATE_KEY");
       String challenge = request.getParameter("recaptcha_challenge_field");
       String uresponse = request.getParameter("recaptcha_response_field");
       ReCaptchaResponse reCaptchaResponse = reCaptcha.checkAnswer(remoteAddr, challenge, uresponse);
       if (reCaptchaResponse.isValid()) {
         out.print("is good");
       } else {
         out.print("is bad");
       }


     %>
</body>
</html>

When I include the component, the reCaptcha form shows up just fine. However, when I input values into the fields and hit return to submit the browser throws up an error like so:

Status  
500
Message     
javax.jcr.nodetype.ConstraintViolationException: no matching property definition found for {}recaptcha_challenge_field
Location    invalid link: /content/Main/reCaptchaValidation.POST.jsp/content/Main/reCaptchaValidation.POST.jsp
Parent Location     /content/Main
Path    
/content/Main/reCaptchaValidation.POST.jsp
Referer     http://localhost:4502/content/Main/Flash.html
ChangeLog   
<pre></pre>

I suspect that the issue lies in the way I'm handling my post call, but I have no idea what exactly is going wrong, and hence have no clue as to how to fix this.

Any pointers on this would be much appreciated.. Thanks in advance :)

bongman1612
  • 440
  • 1
  • 11
  • 23

1 Answers1

3

Have you tried using this in the form action:

action="<%=currentNode.getPath()%>.reCaptchaValidation.POST.jsp"
atgar
  • 216
  • 1
  • 2
  • thanks.. that did the trick.. Although I was under the impression that sling resolves the paths on it's own? that's probably why I felt it was okay to do it the way I did. Any thoughts on this? – bongman1612 May 17 '13 at 06:11
  • You can check this cheatsheet out: [link](http://dev.day.com/content/ddc/blog/2008/07/cheatsheet/_jcr_content/images/cheatsheet/front.png), it helps understanding how resource resolution works in sling. – atgar May 17 '13 at 15:24
  • @bongman1612 If you've a page `/content/foo/myPage.html` that contains a `recaptcha` component & you make the action `/content/foo/myPage/_jcr_content/recaptcha.POST.html`, Sling will look after finding the JSP script, which is actually under `/apps/foo/components/content/recaptcha`. But to do this it has to be looking at the `sling:resourceType` of a node, which needs a full path rather than just a name — First it finds the node in the JCR, then it looks up the resourceType, then it resolves the script to use. – anotherdave May 17 '13 at 21:45
  • @anotherdave is it possible for me to redisplay the captcha if the user fails to get it right? If so, how am I going to be able to send the result of `if (reCaptchaResponse.isValid()) { out.print("is good"); } else { out.print("is bad"); }` over to reCaptcha.jsp? Any thoughts? – bongman1612 May 21 '13 at 08:50
  • You would normally do this by sending the user either back to the page with the form (which would be `currentPage.path`) or sending them on to a different page. For either, it's suitable to use `response.sendRedirect` (this does a *HTTP 302 redirect*, which is technically incorrect, but works by convention - see here for more: http://stackoverflow.com/questions/5129076/after-a-post-should-i-do-a-302-or-a-303-redirect ). These redirect could replace your current `System.out.print` logging. – anotherdave May 22 '13 at 07:42
  • @anotherdave thanks for that. Just a final clarification on this topic. In a real world implementation, I would ideally have an actual form (for example, a registration form) along with a recaptcha component. So if I were to redirect it back to the same page (in this case it would be the jsp that renders the captcha ALONE and not my registration form), am I right in assuming that I won't have to re-enter any data within the registration form, i.e all the fields remain as they were before I entered my captcha test(incorrectly :P)? Thanks for your support! :D – bongman1612 May 22 '13 at 11:41
  • 1
    @bongman1612 I think it depends on the browser which way they'll cache entries by default, but I'm not sure that most will have them pre-populated after redirecting to the form (would be different if the user went back in their browser history). Regarding populating the fields, you could do it a few different ways — add parameters to the URL to store the values & read from these in the JSP; add the submitted values in the session; just send the reCaptcha via AJAX so the user stays on the page itself, etc; make sure to sanitize the data if redisplaying it though to avoid XSS. – anotherdave May 23 '13 at 19:52