Skip to Content

Using reCaptcha at SAP Portal 7.3 Logon Page

If you have a portal which exposed to internet, you may want to use captcha for bots. So in this blog I will implement reCaptcha. Why do I choose reCaptcha? Because it is easy to implement and you dont need to implement a lot of things to work. Let’s do it!

First you have to modify logon page. You can find it solution here:

You have to import jar files of reCaptcha (link). After importing files modify logonPage.jsp file for reCaptcha.

-Import reCaptcha:

<%@ page import="net.tanesha.recaptcha.ReCaptcha" %>

<%@ page import="net.tanesha.recaptcha.ReCaptchaFactory" %>

-Add reCaptcha code for displaying captcha. You can customize it for your need:


     ReCaptcha c = ReCaptchaFactory.newReCaptcha("your public key", "your private key", false);

     out.print(c.createRecaptchaHtml(null, null));


Be careful adding these code block between <sap:form type=”logon”></sap:form>

We have done about this part. Now it is time to implement login module. You can get more information about login modules from this link. Now you have more information about login modules after link. Implement the class and add a new method to get response.

 private String getRequestValue(String parameterName)

        throws LoginException {

          HttpGetterCallback httpGetterCallback = new HttpGetterCallback();


          httpGetterCallback.setName((String) parameterName);

          String value = null;

          try {

               _callbackHandler.handle(new Callback[] { httpGetterCallback });

              String[] arrayRequestparam =

                  (String[]) httpGetterCallback.getValue();

              if (_decodeRequestParameter) {

                    value = URLDecoder.decode(arrayRequestparam[0], "UTF-8");

               } else {

                    value = arrayRequestparam[0];


          } catch (UnsupportedCallbackException e) {

               return null;

          } catch (IOException e) {

          \     throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION);


          return value;


You can call method with these parameters. (example: String challengefield = getRequestValue(“recaptcha_challenge_field”);

And also you need client ip address. Here is the moethod to get ip address:

     private String getIPAddress(){

          String clientIp = "";


               HttpGetterCallback hgc = new HttpGetterCallback();

               _callbackHandler.handle(new Callback[] { hgc });


              clientIp = (String)hgc.getValue();

          }catch(Exception ex){


          return clientIp;


If you have a reverse proxy you get ip address of it. So you have to configure it to get clients ip address.
After you get the parameters for reCaptcha check them:

import net.tanesha.recaptcha.ReCaptchaImpl;

import net.tanesha.recaptcha.ReCaptchaResponse;
ReCaptchaImpl reCaptcha = new ReCaptchaImpl();


String ipAdress = getIPAddress();

String challenge = getRequestValue("recaptcha_challenge_field");

String uresponse = getRequestValue("recaptcha_response_field");

ReCaptchaResponse reCaptchaResponse = reCaptcha.checkAnswer(ipAdress, challenge, uresponse);

if (reCaptchaResponse.isValid()) {

     // do your valid login work


    // do your invalid login work

You must be Logged on to comment or reply to a post.
  • Very good blog. I am wondering whether there is a way to show the CAPTCHA only after 2 or 3 wrong password attempts? I am wondering whether there is a way to get the number of login attempts and enable/disable CAPTCHA.

  • I implemented your logon module and its working fine with only one strange problem. Users login and logout fine without issues but whenever any user is required to change their password, after the change password page, instead of showing the portal home page, user is thrown back to the login page. I can''t see anything in the logs about this behaviour. If I remove my login module, change password works fine.

  • Hi,

    Nice blog, have you experienced a problem with users understanding the recaptcha images being shown? I was wondering if there is some way to control the difficulty of the images.