Sandra Lewandowska - Java Developer

Angular 6 + Spring Boot + reCAPTCHA w przesyłanym formularzu

Opublikowane przez Sandra Lewandowska dnia 22 października 2018

Po pierwsze należy wygenerować indywidulany dla domeny (może być też localhost dla testów lokalnych) sitekey i secret –> Google reCAPTCHA

Integracja po stronie klienta
W formularzu dodajemy kod reCAPTCHA z wygenerowanym sitekey

<div class="form-group">
<div class="g-recaptcha" data-sitekey="6Lf7anUUAAAAAHobMeDJkbR_xxxasasasa"></div>
</div>

Następnie w komponencie z formularzem w metodzie ngOnInit() dodajemy do strony skrypt z api reCAPTCHA. Jeśli skrypt zostałby dodany do index.html, to reCAPTCHA pojawiałaby się tylko po odświeżeniu strony.

ngOnInit(){ this.addScript(); }
	addScript() {
    let script = document.createElement('script');
    script.src = 'https://www.google.com/recaptcha/api.js';
    script.async = true;
    script.defer = true;
    document.body.appendChild(script);
}

Przed wysłaniem formularza należy sprawdzić czy pole “Nie jestem robotem” zostało zaznaczone.

onSubmit() {
    this.submitted = true;
	 const response = grecaptcha.getResponse();
         if (response.length === 0) {
            alert('Recaptcha not verified.');
            return;
        }
    this.save(); 
  }
	
	save() { 
    this.accountService.createNewUser(this.registerForm.value, grecaptcha.getResponse())
    .subscribe(
        data => { console.log(data); },
        error => { console.log(error); })
 }

Integracja po stronie serwera – tutaj przyda się przydzielony wcześniej kod secret

@PostMapping("/new")
	    @ResponseStatus(HttpStatus.CREATED)
		public void  createUser(@RequestBody UserDTO user, @RequestParam(name="response") String recaptchaResponse) {
	    	captchaVerification.verify(recaptchaResponse);
			userRepository.findByEmailIgnoreCase(user.getEmail())
			.ifPresent(u -> {throw new ResourceExistsException("User with login: "+user.getEmail()+" exist");});
	   	  	User createdUser = userService.createUser(user);
		}

Przed dodaniem nowego użytkownika do bazy danych należy sprawdzić poprawność recaptchaResponse, wysyłając zapytanie przez recaptcha api.

import java.net.URI;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.web.client.RestTemplate;

@Service("captchaVerification")
public class CaptchaVerification {

	 	@Autowired
	    private CaptchaSettings captchaSettings;

	 	public void verify(String response) {
       
        URI verifyUri = URI.create(String.format(
          "https://www.google.com/recaptcha/api/siteverify?secret=%s&response=%s",
          captchaSettings.getSecret(), response));
        
        RestTemplate restTemplate = new RestTemplate();
        GoogleResponse googleResponse = restTemplate.getForObject(verifyUri, GoogleResponse.class);
 
        if(!googleResponse.isSuccess()) {
            throw new InvalidRecaptchaException();
        }
    }
}

Sitekey i Secret umieszczone są w application.properties

import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;

@Component
@ConfigurationProperties(prefix = "google.recaptcha.key")
public class CaptchaSettings {
 
    private String site;
    private String secret;
    
	public String getSite() {
		return site;
	}
	public void setSite(String site) {
		this.site = site;
	}
	public String getSecret() {
		return secret;
	}
	public void setSecret(String secret) {
		this.secret = secret;
	}

}

Klasa GoogleResponse jest schematem reprezentującym odpowiedź przesłaną od Google Api i pomaga stwierdzić poprawność walidacji reCAPRTCHA.

import java.util.HashMap;
import java.util.Map;

import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonPropertyOrder;

@JsonInclude(JsonInclude.Include.NON_NULL)
@JsonIgnoreProperties(ignoreUnknown = true)
@JsonPropertyOrder({
    "success",
    "challenge_ts",
    "hostname",
    "error-codes"
})
public class GoogleResponse {

	 @JsonProperty("success")
	    private boolean success;
	     
	    @JsonProperty("challenge_ts")
	    private String challengeTs;
	     
	    @JsonProperty("hostname")
	    private String hostname;
	     
	    @JsonProperty("error-codes")
	    private ErrorCode[] errorCodes;
	 
	    @JsonIgnore
	    public boolean hasClientError() {
	        ErrorCode[] errors = getErrorCodes();
	        if(errors == null) {
	            return false;
	        }
	        for(ErrorCode error : errors) {
	            switch(error) {
	                case InvalidResponse:
	                case MissingResponse:
	                    return true;
	            }
	        }
	        return false;
	    }
	 
	    static enum ErrorCode {
	        MissingSecret,     InvalidSecret,
	        MissingResponse,   InvalidResponse;
	 
	        private static Map<String, ErrorCode> errorsMap = new HashMap<String, ErrorCode>(4);
	 
	        static {
	            errorsMap.put("missing-input-secret",   MissingSecret);
	            errorsMap.put("invalid-input-secret",   InvalidSecret);
	            errorsMap.put("missing-input-response", MissingResponse);
	            errorsMap.put("invalid-input-response", InvalidResponse);
	        }
	 
	        @JsonCreator
	        public static ErrorCode forValue(String value) {
	            return errorsMap.get(value.toLowerCase());
	        }
	    }

		public boolean isSuccess() {
			return success;
		}

		public void setSuccess(boolean success) {
			this.success = success;
		}

		public String getChallengeTs() {
			return challengeTs;
		}

		public void setChallengeTs(String challengeTs) {
			this.challengeTs = challengeTs;
		}

		public String getHostname() {
			return hostname;
		}

		public void setHostname(String hostname) {
			this.hostname = hostname;
		}

		public ErrorCode[] getErrorCodes() {
			return errorCodes;
		}

		public void setErrorCodes(ErrorCode[] errorCodes) {
			this.errorCodes = errorCodes;
		}
	     
}

Powyższe fragmenty kodu są też zawarte w projekcie Clinic (clinic-server, clinic-client) na GitHub >>tutaj<<

Kategorie: angular, bezpieczeństwo, java, spring boot Tagi:angular, bezpieczeństwo, formularz, java, recaptcha, rejestracja, springboot

279 thoughts on “Angular 6 + Spring Boot + reCAPTCHA w przesyłanym formularzu”

You choose peace or war?

Odpowiedz

There is certainly a great deal to learn about this issue. I like all of the points you made. Reinaldo Spyres

Odpowiedz

Post writing is also a excitement, if you be familiar with then you can write if not it is difficult to write. Donovan Gift

Odpowiedz

Excellent write-up. I absolutely appreciate this site. Wilber Anagnostou

Odpowiedz

There is definately a great deal to know about this subject. I like all the points you have made. Winford Gruenes

Odpowiedz

This post provides clear idea in favor of the new viewers of blogging, that actually how to do blogging and site-building. Darwin Palczynski

Odpowiedz

You made some decent points there. I did a search on the topic and found most persons will go along with with your site. Deandre Vis

Odpowiedz

Have you ever considered publishing an ebook or guest authoring on other blogs? I have a blog based on the same subjects you discuss and would really like to have you share some stories/information. I know my viewers would value your work. If you’re even remotely interested, feel free to shoot me an e-mail.

Odpowiedz

�Ok stop. Come with me.� I said the game now changing.

Odpowiedz

I like what you guys are up too. Such intelligent work and reporting! Keep up the excellent works guys I’ve incorporated you guys to my blogroll. I think it will improve the value of my site :).

Odpowiedz

�Well that answers that. I live at home, Mum and Dad are there so let�s go back to your place.� she said as she reached in and grabbed a towel

Odpowiedz

Antifa is the prefect example of what fascists are. William Chitty

Odpowiedz

As soon as I noticed this internet site I went on reddit to share some of the love with them. Dominic Larmon

Odpowiedz

I am truly grateful to the holder of this website who has shared this fantastic article at at this place. Linwood Niemann

Odpowiedz

So you are a man or woman?

Odpowiedz

Where there is a will, there is a way.

Odpowiedz

This piece of writing is genuinely a nice one it assists new internet people, who are wishing in favor of blogging. Lynwood Sedgwick

Odpowiedz

Your Blog is very nice. Wish to see much more like this.

Odpowiedz

Good� i really like your blog�

Odpowiedz

Way cool, some valid points! I appreciate you making this article available, the rest of the site is also high quality. Have a fun.

Odpowiedz

Wow, amazing blog layout! How long have you been blogging for? you made blogging look easy. The overall look of your site is excellent, as well as the content!

Odpowiedz

What’s Going down i’m new to this, I stumbled upon this I have discovered It absolutely helpful and it has aided me out loads. I am hoping to give a contribution & help other customers like its helped me. Great job.

Odpowiedz

Great content and thank you to the author.

Odpowiedz

This is my first time pay a visit att here and i am actually pleassant to read everthing at one place. Sam Kilimnik

Odpowiedz

I every time used to study paragraph in news papers but now as I am a user of net thus from now
I am using net for articles or reviews, thanks to web.

Odpowiedz

Some truly select blog posts on this web site, saved to bookmarks.

Odpowiedz

Would you be all in favour of exchanging links?

Odpowiedz

We are a group of volunteers and starting a new scheme in our community. Your web site offered us with valuable information to work on. You’ve done a formidable job and our entire community will be thankful to you.

Odpowiedz

I think the admin of this site is truly working hard for his website, since here every material is quality based stuff. Donte Armson

Odpowiedz

Nothing has been the same since your ex broke up with you. Rickie Altiery

Odpowiedz

I enjoy, cause I found exactly what I was having a look for. Paul Rearden

Odpowiedz

100,000 Backlinks only $10，Subject to data from ahrefs.com.After paid $10 by PayPal (My PayPal：helloboy1979@gmail.com),Tell me your URL, email and comment content.I will complete the task within ten days.But It may take up to a month for the data updated from ahrefs.com.

Odpowiedz

You made various nice points there. I did a search on the issue and found nearly all persons will go along with with your blog.

Odpowiedz

I constantly emailed this webpage post page to all my contacts, for the reason that if like to read it then my friends will too. Bob Dompe

Odpowiedz

Way cool! Some extremely valid points! I appreciate you writing this post and also the rest of the site is very good. Marcelino Mihalkovic

Odpowiedz

Just make sure that thehow the money stays within your circle of friends. Ross Oakland

Odpowiedz

Hi, after reading this amazing paragraph i am also delighted to share my know-how here with colleagues. Cary Alhusseini

Odpowiedz

My spouse and I stumbled over here from a different website and thought I might as well check things out. I like what I see so now i am following you. Look forward to looking over your web page yet again.

Odpowiedz

You completed some nice points there. I did a search on the issue and found most folks will consent with your blog. Hunter Bilotta

Odpowiedz

The OpusMining is engaged in cloud mining provision while using the technology, developed by the experts in IT and cryptocurrencies field. The main product idea is effective disparate computing resources appliance. We tend to unite investors, including newcomers, on a single platform together. Our customers’ trust is based on obvious evidence: they honestly get their income every day.

Odpowiedz

Best Free IP Stresser. Start A Free Trial. Join the strongest IP Stresser / Booter service! We offer powerful Layer 4 and Layer 7 Bypass methods capable of downing OVH, Cloudflare. and various other DDoS protections. Try our free IP stresser before you buy! The Technology. Of Inspiration Feature-rich web hosting Performance optimization .com

Odpowiedz

OpusMining – Best Cloud mining platform

Odpowiedz

Some genuinely interesting info, well written and generally user genial. Milo Geery

Odpowiedz

I really like it when folks get together and share ideas. Keenan Scroger

Odpowiedz

OpusMining – Best Cloud mining platform

Odpowiedz

IPStress.wtf – BEST IP STRESSER

Odpowiedz

By using ipstresser.wtf Stress Testing Tool you understand and agree that any damages caused related to the Stress Test launched is your own responsability. 8. Community You must be respectful regarding the staff. Also, sale trashing isn’t allowed and will be punished. 9. TOS If you get caught or admit breaking the TOS your account will be terminated. We reserve the right to modify

Odpowiedz

Some genuinely interesting info, well written and generally user genial. Milo Geery

Odpowiedz

OpusMining – Best Cloud mining platform

Odpowiedz

I do not even understand how I ended up here, but I assumed this publish used to be great

Odpowiedz

Having read this I believed it was rather informative. I appreciate you taking the time and energy to put this content together. Kyle Ciulla

Odpowiedz

OpusMining – Best Cloud mining platform

Odpowiedz

Some genuinely interesting info, well written and generally user genial. Milo Geery

Odpowiedz

You completed some nice points there. I did a search on the issue and found most folks will consent with your blog. Hunter Bilotta

Odpowiedz

I just like the helpful information you provide in your articles

Odpowiedz

Having read this I believed it was rather informative. I appreciate you taking the time and energy to put this content together. Kyle Ciulla

Odpowiedz

I really like it when folks get together and share ideas. Keenan Scroger

Odpowiedz

Spot on with this write-up, I absolutely believe that this site

Odpowiedz

I used to be recommended this website by way of my cousin. I’m

Odpowiedz

Hocam detaylı bir anlatım olmuş eline sağlık

Odpowiedz

ip stresser

Odpowiedz

Many investors hold cash as a نيك امهات of maintaining

Odpowiedz

uniswap liquidity bot

Odpowiedz

I used to be recommended this website by way of my cousin. I’m

Odpowiedz

cloud mining

Odpowiedz

Wow, this post is pleasant, my younger sister is analyzing

Odpowiedz

JOKER G AMING โฉมใหม่ มีระ บบฝากถอนออโต้ แอพคาสิโนเล่นบนมือถือ สล็อต เกมส์ยิงปลา บ าคาร่า ชนะง่าย สมัคร JOKER GAMINGรับโบนัส 50%

Odpowiedz

Many investors hold cash as a نيك امهات of maintaining

Odpowiedz

whoah this blog is great i really like studying your articles.

Odpowiedz

Hi there to all, for the reason that I am genuinely keen of reading this website’s post to be updated on a regular basis. It carries pleasant stuff.

Odpowiedz

There is definately a lot to find out about this subject. I like all the points you made

Odpowiedz

Having read this I believed it was rather informative. I appreciate you taking the time and energy to put this content together. Kyle Ciulla

Odpowiedz

transformice

Odpowiedz

You completed some nice points there. I did a search on the issue and found most folks will consent with your blog. Hunter Bilotta

Odpowiedz

Very interesting details you have observed, thanks for posting. “The best time to do a thing is when it can be done.” by William Pickens.

Odpowiedz

Какие грибов отовариться молодому психонавту
об галлюциногенных грибах дерябнуто загибать
плохо, но также около этой медали пожирать недостаток.
в течение средине ХХ столетия, кое-когда псилоцибин конструктивно изучался для (вида самостоятельное азибензил, его употребляли про исцеления наркомании, беспокойных
расстройств, депрессии. С его поддержкою доводили до совершенства качество жизни болезненным на карачках
в финальных стадиях заболевания, ликвидировали предсуицидальное добро, направляли хворым алкоголизмом.

Новые раскрытия в мед поле деятельности замерзли толчком ко этому значительные гроверов уходили заповедать диспуты псилоцибиновых грибов да полакомиться
себя на новейшей роли миколога.
иду пду пдходят представители
семейства Psylocibe Cubensis. Их без труда
служить стимулом, настоящие штаммы как покупает основная
масса недугов, ах ярица тешит включая долей самих грибов, равно содержанием псилоцибина.

Odpowiedz

orjinal biber hapı ile kısa sürede ideal kilonuza ulaaşabilirsiniz.

Odpowiedz

thank you

Odpowiedz

Pellentesque feugiat gravida velit non cursus.

Odpowiedz

She made herself as small as she could in the rocky hole, but they found her anyway and dragged her out by her foot. She defiantly fought back, thrashing her limbs and screaming, throwing fists at them but the men were too strong, and the group easily subdued her. Close up their faces looked different from the men of her family. They resembled one of the travelers from distant lands that had passed through a few summers ago.

Odpowiedz

She threw her sports bag onto the back seat of the car and started to strip off. Her body was thin yet sporty. She had curves in all the right places and there was no longer any doubt in my mind that I was going to fuck this girl.

Odpowiedz

metrum.org (Metrology: The Forgotten Science) is the internet site devoted to
the particular memory of Livio Catullo Stecchini.
The Persian Wars, The Origin of Money inside Greece and various other historical events.

Odpowiedz

eskort

Odpowiedz

Everyone loves a good sizzling hot pornstar.
Hence why definitely not obtain a ton of the best young women in the XXX enterprise
in 1 place?! poornstars.internet is the definitive web page on the world wide web for the
most beautiful ladies who actually never shy away from having hardcore sex.
They love to obtain naked in entrance of the web cam and get on the biggest dicks in a extensive selection of erotic opportunities.
We get it all in brilliant depth in our superior mixture
of free adult video tutorials. These luscious vixens are the almost all voracious
hence make sure you become informed. Our limitless database of erotica shall leave you spent
and bone dry!

Odpowiedz

thanks for posting. i am glad to read such a beautiful post like this

Odpowiedz

thank you

Odpowiedz

What does it result in to have intercourse? Well, a whole lot of things are available to mind when that
question gets enquired. For just about all, there are usually three stages – the foreplay, the primary occasion,
and the finish. The first stage is self-explanatory pretty.
You and your companion both perform functions that
would create you both “in the zone” and ready for penetration. Elements like influencing your mate with attractive clothes
for women, and featuring your huge penis for males. Both women and men would stimulate each different by stroking, stroking, licking, and kissing.
After they’re also both all warmed up up, then they’re also ready for the up coming stage.
The key function will be what intercourse is normally all about – the man, having a large erection down his manhood,
penetrates and enters the lady through her wet vagina. Fucking, as
it is known as playfully, is the action where a person utilizes his hardened dick to “fuck”
a horny women who desperately requirements a part of meats up her pussy.

And the final, but not least – the major conclude. Have got you ever found a person ejaculate a several meters apart?

Nicely, that’s in fact likely, especially if he relished fucking
his girlfriend hence many. His sperm would just fly away, as if it seemed to be shot from a cannon. It may seem small and easy, but getting intercourse is usually
thus very much considerably more than that. There happen to be a whole lot of
aspects that produce up the complete sexual intimacies working experience, today but,
we’ll just come to be centering on the many significant matter… Fucking.

Odpowiedz

thak you

Odpowiedz

Hi there, its nice article on the topic of media print, we
all be familiar with media is a impressive source of data.

Odpowiedz

It’s a general reality that Parents might be the best at taking good care of nearly any scenario.
Sizzling Mothers happen to be searched for the universe over for the sort of pleasure you can’p acquire
anywhere else. Their sensual contact, supporting attitude and growing celebrities deliver an unmatched adult go through.

You can’w not have this type of consideration from a XXX beginner because when it comes to quality intercourse, experience goes a
very long way.

Dress yourself in your logo of prize marking you as a real mom fucker and expend some right moment
with all of us! The HDmomtube.com Mother intimacy encounter is built
from content provided by a new wide variety of perfect sources.
Easy-to-use searching equipment and capabilities support pinpoint the behavior, grown-up and
qualities actors you desire to see the most.
With a easy click, aim for the virtually all well-known videos,
nearly all recent, longest aim for or stuff for any video duration you need.
This will be the excellent period to develop the quintessential mother adult library you’ve continually wished.

For a more complete and full Mom intercourse knowledge, visit related video genres and
classes like MILF, cougar porno, Latina Moms,
big ass and several more. You’ll discover lovely Midwestern bright Mommies,
big black mommas, provocative Asian gambling Mothers and dads and ladies eager to have to
sports training. The many devious scenarios and soiled deals help make up the core of this niche but what will be your expected flavor?

Cheating wives, gangbanged hotwives, cuckold cuties and
chest area trophy Stepmoms will keep you returning for additional
back. Sit again, rest and allow them do all the do the job!

Odpowiedz

�Thank you Coach, yes Coach a good girl.� she whimpered.

Odpowiedz

Long living the peace

Odpowiedz

Play to earn games metaverse games, how to play to earn ? metaverse and play to earn , play2earn

Odpowiedz

Seo ve sosyal medya danışmanlığı konusunda soft ajanstan hizmet alıyorum, kendilerine teşekkür ederim.

Odpowiedz

you are the diamond

Odpowiedz

you are the diamond

Odpowiedz

Seo ve sosyal medya danışmanlığı konusunda soft ajanstan hizmet alıyorum, kendilerine teşekkür ederim.

Odpowiedz

pırlanta sizsiniz

Odpowiedz

bu eğitimde yaşam koçluğu nasıl olur nelerdir sertfikası ne işe yarar ve nasıl meslek icra edilir öğreneceksiniz

Odpowiedz

Başta İstanbul olmak üzere ülkemizin her noktasında hizmet vermek konusunda oldukça titiz bir çalışma sunan Tekno Roof, sunduğu tüm seçeneklerin içerisinde bioclimatic pergola taleplerinize uygun şekilde işlemler yapmaktadır. Size uygunluk sağlaması açısından yapılmasını istediğiniz alanda gerekli noktaları ve dikkat edilmesi gereken her detayı belirleyen, sizi sonuca en iyi şekilde götüren bir firma olarak iş kapsamında ortaya çıkacak sonuçlardaki başarısının da garantisini hazırlamaktadır.

Odpowiedz

With chatbot integration on live support, whatsapp and social media, you can automatically do all your flow and work, and provide 24/7 support and service.

Odpowiedz