如何从服务器(Java)端验证 Google Recaptcha?
How to validate Google Recaptcha from server(Java) side?
我有可用的登录页面 Google Recaptcha
问题是,即使我不按我不是机器人,我也可以登录。如何检查复选框是否被选中?
我的java代码
@RequestMapping(value = "/login", method = RequestMethod.POST)
public ResponseEntity<Map<String, Object>> login(@RequestParam String email,
HttpServletRequest request){
String ip = request.getRemoteAddr();
String captchaVerifyMessage = request.getParameter("g-recaptcha-response");
captchaService.verifyRecaptcha(ip, captchaVerifyMessage);
if (StringUtils.isNotEmpty(captchaVerifyMessage)) {
Map<String, Object> response = new HashMap<>();
response.put("message", captchaVerifyMessage);
return ResponseEntity.badRequest()
.body(response);
}
String token;
User user = userRepository.findOneByEmail(email);
Map<String, Object> tokenMap = new HashMap<>();
if (user != null) {
token = Jwts.builder().setSubject(email).claim("roles", user.getRoles()).setIssuedAt(new Date())
.signWith(SignatureAlgorithm.HS256, "secretkey").compact();
tokenMap.put("token", token);
tokenMap.put("user", user);
return new ResponseEntity<>(tokenMap, HttpStatus.OK);
} else {
tokenMap.put("token", null);
return new ResponseEntity<>(tokenMap, HttpStatus.UNAUTHORIZED);
}
}
我的目标是发出一些警告消息,比如 "You need to prove that you're not a robot"
您最好的选择是在提交表单之前使用 javascript 进行验证。
function checkCaptcha() {
if (!grecaptcha.getResponse()) {
alert("You need to prove that you're not a robot");
} else {
document.getElementById('yourFormId').submit();
}
}
然后在您的 <form> 中将 <button> 类型更改为 button 并在点击时调用 checkCaptcha()。
<button type='button' onclick='checkCaptcha()'>Login</button>
因为默认类型是 submit,这将导致表单在按下时提交。
如果您想从服务器端验证 reCaptcha,请查看我的以下 post。
我有可用的登录页面 Google Recaptcha
问题是,即使我不按我不是机器人,我也可以登录。如何检查复选框是否被选中?
我的java代码
@RequestMapping(value = "/login", method = RequestMethod.POST)
public ResponseEntity<Map<String, Object>> login(@RequestParam String email,
HttpServletRequest request){
String ip = request.getRemoteAddr();
String captchaVerifyMessage = request.getParameter("g-recaptcha-response");
captchaService.verifyRecaptcha(ip, captchaVerifyMessage);
if (StringUtils.isNotEmpty(captchaVerifyMessage)) {
Map<String, Object> response = new HashMap<>();
response.put("message", captchaVerifyMessage);
return ResponseEntity.badRequest()
.body(response);
}
String token;
User user = userRepository.findOneByEmail(email);
Map<String, Object> tokenMap = new HashMap<>();
if (user != null) {
token = Jwts.builder().setSubject(email).claim("roles", user.getRoles()).setIssuedAt(new Date())
.signWith(SignatureAlgorithm.HS256, "secretkey").compact();
tokenMap.put("token", token);
tokenMap.put("user", user);
return new ResponseEntity<>(tokenMap, HttpStatus.OK);
} else {
tokenMap.put("token", null);
return new ResponseEntity<>(tokenMap, HttpStatus.UNAUTHORIZED);
}
}
我的目标是发出一些警告消息,比如 "You need to prove that you're not a robot"
您最好的选择是在提交表单之前使用 javascript 进行验证。
function checkCaptcha() {
if (!grecaptcha.getResponse()) {
alert("You need to prove that you're not a robot");
} else {
document.getElementById('yourFormId').submit();
}
}
然后在您的 <form> 中将 <button> 类型更改为 button 并在点击时调用 checkCaptcha()。
<button type='button' onclick='checkCaptcha()'>Login</button>
因为默认类型是 submit,这将导致表单在按下时提交。
如果您想从服务器端验证 reCaptcha,请查看我的以下 post。