
Using reCaptcha at SAP Portal 7.3 Logon Page

If you have a portal that is exposed to the internet, you may want to use a CAPTCHA against bots. In this blog I will implement reCaptcha. Why do I choose reCaptcha? Because it is easy to implement and you don't need to build a lot of things to make it work. Let's do it!

First you have to modify the logon page. You can find the solution here: http://nwturk.com/blog/2011/06/06/changing-logon-page-on-netweaver-7-3/

You have to import the reCaptcha jar files (link). After importing the files, modify the logonPage.jsp file for reCaptcha.

-Import reCaptcha:

<%@ page import="net.tanesha.recaptcha.ReCaptcha" %>
<%@ page import="net.tanesha.recaptcha.ReCaptchaFactory" %>

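-Add the reCaptcha code that displays the captcha. You can customize it for your needs:

<%
     // Third argument false: do not include the <noscript> fallback markup
     ReCaptcha c = ReCaptchaFactory.newReCaptcha("your public key", "your private key", false);
     // Writes the captcha widget HTML (no error message, default options)
     out.print(c.createRecaptchaHtml(null, null));
%>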

Be careful to add this code block between <sap:form type="logon"> and </sap:form>, so that the captcha fields are submitted together with the logon form.

That part is done. Now it is time to implement the login module. You can get more information about login modules from this link. Once you have read it, implement the class and add a new method to get the response.

    
     // Reads one HTTP request parameter through the login module's callback handler.
     private String getRequestValue(String parameterName)
               throws LoginException {

          HttpGetterCallback httpGetterCallback = new HttpGetterCallback();
          httpGetterCallback.setType(HttpCallback.REQUEST_PARAMETER);
          httpGetterCallback.setName(parameterName);

          String value = null;

          try {
               _callbackHandler.handle(new Callback[] { httpGetterCallback });

               String[] arrayRequestparam =
                    (String[]) httpGetterCallback.getValue();

               // Parameter absent from the request: return null instead of failing on [0]
               if (arrayRequestparam == null || arrayRequestparam.length == 0) {
                    return null;
               }

               if (_decodeRequestParameter) {
                    value = URLDecoder.decode(arrayRequestparam[0], "UTF-8");
               } else {
                    value = arrayRequestparam[0];
               }

          } catch (UnsupportedCallbackException e) {
               return null;
          } catch (IOException e) {
               throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION);
          }

          return value;
     }

You can call the method with the reCaptcha parameter names, for example: String challengefield = getRequestValue("recaptcha_challenge_field");

You also need the client IP address. Here is the method to get it:

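     private String getIPAddress() {
          String clientIp = "";
          try {
               HttpGetterCallback hgc = new HttpGetterCallback();
               // The type has to be set before the handler fills in the callback
               hgc.setType(HttpCallback.CLIENT_IP);
               _callbackHandler.handle(new Callback[] { hgc });
               clientIp = (String) hgc.getValue();
          } catch (Exception ex) {
               // Ignored: an empty address is returned when the client IP cannot be read
          }
          return clientIp;
     }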

If you have a reverse proxy, you get the IP address of the proxy instead. So you have to configure it so that you get the client's IP address.
After you get the parameters for reCaptcha, check them:

import net.tanesha.recaptcha.ReCaptchaImpl;
import net.tanesha.recaptcha.ReCaptchaResponse;

ReCaptchaImpl reCaptcha = new ReCaptchaImpl();
reCaptcha.setPrivateKey("your_private_key");

String ipAddress = getIPAddress();
String challenge = getRequestValue("recaptcha_challenge_field");
String uresponse = getRequestValue("recaptcha_response_field");

// Sends the answer to the reCaptcha service for verification
ReCaptchaResponse reCaptchaResponse = reCaptcha.checkAnswer(ipAddress, challenge, uresponse);

if (reCaptchaResponse.isValid()) {
     // do your valid login work
} else {
     // do your invalid login work
}
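
The two branches above should fail closed: getRequestValue() can return null, and the verification call itself can fail. The following added example (not code from the original post) shows such a gate; the AnswerChecker interface is a hypothetical stand-in for reCaptcha.checkAnswer(...).isValid() so that it runs without the reCaptcha jar, and CaptchaGate and the sample values are constructed.

```java
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;

public class CaptchaGate {
    // Hypothetical stand-in for reCaptcha.checkAnswer(ip, challenge, response).isValid()
    interface AnswerChecker {
        boolean isValid(String ip, String challenge, String response) throws Exception;
    }

    private final AnswerChecker checker;

    CaptchaGate(AnswerChecker checker) { this.checker = checker; }

    // Returns normally only when the CAPTCHA answer was positively verified.
    void require(String ip, String challenge, String response) throws LoginException {
        // A request without the CAPTCHA fields must not pass the gate.
        if (isBlank(challenge) || isBlank(response)) {
            throw new FailedLoginException("CAPTCHA answer missing");
        }
        boolean valid;
        try {
            valid = checker.isValid(ip, challenge, response);
        } catch (Exception e) {
            // Verification service unreachable or failing: deny, do not skip the check.
            throw new FailedLoginException("CAPTCHA could not be verified");
        }
        if (!valid) {
            throw new FailedLoginException("CAPTCHA answer wrong");
        }
    }

    private static boolean isBlank(String s) { return s == null || s.trim().isEmpty(); }

    public static void main(String[] args) {
        // Constructed checker: accepts exactly one sample answer.
        CaptchaGate gate = new CaptchaGate((ip, c, r) -> "constructed-ok".equals(r));
        String[][] cases = { {"c1", "constructed-ok"}, {"c1", "wrong"}, {null, null} };
        for (String[] t : cases) {
            try {
                gate.require("198.51.100.7", t[0], t[1]);
                System.out.println("CAPTCHA passed, continue with the password check");
            } catch (LoginException e) {
                System.out.println("login rejected: " + e.getMessage());
            }
        }
    }
}
```
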

      4 Comments
      Former Member

      Very good blog. I am wondering whether there is a way to show the CAPTCHA only after 2 or 3 wrong password attempts? I am wondering whether there is a way to get the number of login attempts and enable/disable CAPTCHA.

      Former Member

      Of course it can be implemented. You can add a custom field on user data. And you can get data from that field.     

      Former Member

      I implemented your logon module and it's working fine with only one strange problem. Users login and logout fine without issues but whenever any user is required to change their password, after the change password page, instead of showing the portal home page, user is thrown back to the login page. I can't see anything in the logs about this behaviour. If I remove my login module, change password works fine.

      Former Member

      Hi,

      Nice blog, have you experienced a problem with users understanding the recaptcha images being shown? I was wondering if there is some way to control the difficulty of the images.

      Regards,

      Richard