This post originated from an RSS feed registered with Java Buzz by dion. Original Post: JCAPTCHA: Open Source Security Plugin Feed Title: techno.blog(Dion) Feed URL: http://feeds.feedburner.com/dion Feed Description: blogging about life the universe and everything tech Latest Java Buzz Posts Latest Java Buzz Posts by dion Latest Posts From techno.blog(Dion)

Since installing mt-scode for MoveableType, I wondered if there was a Java framework that would easily allow you to add CAPTCHA style authentication to our apps.

There is an open source framework: JCAPTCHA.

There is an article on the framework Use a CAPTCHA-based authentication module for J2EE Web applications

Spam has become one of the biggest menaces on the Web. Many community-based applications force authentication only to distinguish a valid user from an automated spam-bot, which can be overkill in some cases. CAPTCHAs help in differentiating between real users and automated bots. In this article, Anand Raman uses CAPTCHAs as weak authentication mechanisms for J2EE Web applications. He begins with a quick introduction to both the J2EE Web application security model and CAPTCHAs. He then builds on these concepts to implement a JAAS (Java Authentication and Authorization Service) login module using CAPTCHAs and integrates it with an application server's existing security infrastructure. The artifacts are based on standard J2EE security mechanisms. Hence, the module can be reused on any J2EE application or across different application servers with some minor modifications.

We have been using Acegi security recently, rather than CMS, and it would be nice to plug this in over there.

I often worry about the images. On one site I had to reload 3 times to get an image in which I could actually read!