• Post Reply Bookmark Topic Watch Topic
  • New Topic

Image based captcha code generation using JSP

 
Sheikkadar Mohamedsahib
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Dear Team,

I have written below jsp code to generate captcha jpg image to output response in JSP. Here I'm getting the following error message as "java.lang.IllegalStateException: getOutputStream() has already been called for this response".

How to handle this issue ? Iam running out of any idea .

Thanks
Sheik

<%@ page import="java.io.*" %>
<%@ page import="java.awt.*"%>
<%@ page import="java.awt.image.*"%>
<%@ page import="javax.imageio.ImageIO"%>
<%@ page import="java.util.*"%>
<%
int width=75;
int height=35;
Random rdm=new Random();
int rl=rdm.nextInt();

String hash1 = Integer.toHexString(rl);

String capstr=hash1.substring(0,5);

session.setAttribute("captchacode",capstr);

Color background = new Color(204,204,204);

Color fbl = new Color(0,100,0);

Font fnt=new Font("SansSerif",1,17);

BufferedImage cpimg =new BufferedImage(width,height,BufferedImage.TYPE_INT_RGB);

Graphics g = cpimg.createGraphics();

g.setColor(background);

g.fillRect(0,0,width,height);

g.setColor(fbl);

g.setFont(fnt);

g.drawString(capstr,10,25);

g.setColor(background);

//g.drawLine(10,17,80,17);

//g.drawLine(10,22,80,22);

try
{
response.setContentType("image/jpeg");
OutputStream strm = response.getOutputStream();
if(response !=null && strm !=null)
{
ImageIO.write(cpimg,"jpeg",strm);
cpimg.flush();
strm.close();
}
}
catch(Exception e)
{
e.printStackTrace();
System.out.println(e.getMessage());
}
%>
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
JSPs are for generating textual content; you need to use a servlet instead.
 
Joe Areeda
Ranch Hand
Posts: 332
2
Java Netbeans IDE Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ulf Dittmer wrote:JSPs are for generating textual content; you need to use a servlet instead.

I agree with Ulf but I would have said you should use a servlet instead.

I made a similar mistake in my early implementation and tracking down that error message took a lot of time and effort.

It results from the Java code and the JSP both sending stuff to the client. In my case the JSP was sending white space which made it hard to find.

Joe
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65530
105
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Joe Areeda wrote:
Ulf Dittmer wrote:JSPs are for generating textual content; you need to use a servlet instead.

I agree with Ulf but I would have said you should use a servlet instead.

And I'll agree with Ulf. In 2013, it is irresponsible and outright incorrect to use JSP for anything but rendering a view. If there is Java code in your JSP, it's wrong. There is no gray area.
 
Joe Areeda
Ranch Hand
Posts: 332
2
Java Netbeans IDE Tomcat Server
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bear Bibeault wrote:And I'll agree with Ulf. In 2013, it is irresponsible and outright incorrect to use JSP for anything but rendering a view. If there is Java code in your JSP, it's wrong. There is no gray area.


Well your military background is showing but I will say that it took reading a book and spending quite a bit of time to understand how to get my code to comply with the last time you told me that.

I have removed all the scriplets calling Java code from my web app, and am happy I did. I'm just a bit less dogmatic about saying code that works is wrong.

Joe
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65530
105
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Joe Areeda wrote:Well your military background is showing ...




Actually, I think it's my age/experience showing. Through the years I have found that "works" is just one facet of good software development. If the code lacks clarity, is hard to maintain, is fragile, or cannot be easily extended, it's wrong even if it works to spec. Been there; done that; I have the scars.

Java code in a JSP makes the code wrong, even if it works as expected. It's a problem waiting to happen. It's a bug that hasn't shown itself yet. It's a burden to future development. For the Trek fans, it's like using proto-matter in your Genesis device -- it's a cheat that seems to get the job done, but at the cost of later cataclysms.

I don't think that expecting more from code than to "just work" is dogmatic; it's simply practical.
 
Joe Areeda
Ranch Hand
Posts: 332
2
Java Netbeans IDE Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Please don't get me wrong Bear. I really am not arguing with you.

I've found your comments helpful and practical.

My first paid computer job was in 1967 and have been doing this full time since '72, with a few years of retirement in there.

I also have a great appreciation for maintainable code that's up to current standards.



Joe
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65530
105
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Joe Areeda wrote:I also have a great appreciation for maintainable code that's up to current standards.

Brother!
 
Sheikkadar Mohamedsahib
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Iam implementing same logic in servlets.. Here I have a query.

Below is my jsp
--------------------

<img src="captchareload.jsp" id="id_captcha"> <input type="button" name="button2" value="Reload" onClick="doRefreshCaptcha();">
<input type="button" value="Validate Confirm Code" >

Here I have used to ajax in the mehtod doRefreshCaptcha() to my captcha servlets.

Assume that servlets generating captcha code. My Question is how to set that generated captcha code to img attribute ? And also how to validate the captcha code on Validate Confirm button click ?

Please reply...

 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13078
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator


IF you have a servlet generating a captcha code image
THEN your img tag src MUST point to that servlet with whatever additional parameter information the servlet needs to generate the image

Bill
 
Sheikkadar Mohamedsahib
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks william. How to validate that code on button click ?
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13078
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sheikkadar Mohamedsahib wrote:Thanks william. How to validate that code on button click ?


Hint - what part of your application knows the text that was used to generate the captcha?

Bill
 
Sheikkadar Mohamedsahib
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am building a web application for Online Visa Processing. Before submitting a form, i need to get value from user and validate that captcha code.

Please help us on this requirement.

Please find attached the screenshot for the same.
captcha.JPG
[Thumbnail for captcha.JPG]
Captcha Screenshot
 
Sheikkadar Mohamedsahib
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
We are using servlets to generate captcha code.
 
Joe Areeda
Ranch Hand
Posts: 332
2
Java Netbeans IDE Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sheikkadar Mohamedsahib wrote:We are using servlets to generate captcha code.


Sheikkadar,

There are two good reasons why you want your servlet to check the captcha:

1) If you do it in client side Javascript you have to send the text to compare against, even obfuscated this is a security problem.

2) It would be possible for a robot to submit the form without even checking the captcha

The random number included in the captcha could be kept in the Session object as an attribute that's checked on form submission.

One other point is your captcha is so clear it can probably be read by text scanner. That's why many capcha's are so hard to read. I personally prefer other means of implementing the Turing test, like pick the picture or answer this question.

Joe
 
Sheikkadar Mohamedsahib
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Joe !!

We have already been tried to validate the captcha code using session.setAttribute from servlets code. In my jsp we are using session.getAttribute to get that generated captcha code. My problem occurs on everytime if i do reload the page, it is returning old session object value.

In this case, how do i validate that captcha code. I agreed with you that captcha generated code should not be kept in JS.

Please guide us.

Please find the following source code using in our application:

jsp:

<img src="captcha" >
<%= session.getAttribute("captchacode")%>

servlets :

Random rdm = new Random();
int rl = rdm.nextInt();
String hash1 = Integer.toHexString(rl);
capstr = hash1.substring(0, 5);
session.setAttribute("captchacode", capstr);

Thanks,
Sheik
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!