What is appropriate way to integrate SpringSecurity with Capcha ?
I have following use case : When user will tries to login, if we he failed to login N times, captcha will be displayed, so authentication will be using three parameters : username, password, captcha. But Spring Security doesn't support built in Captcha handling.
I just start thinking about implementation. And have following variants:
- Adding separate security filter in Spring Security filter stack,
- Entirely rewrite AuthenticationProcessingFilter to support some Captcha
- Use some programmatic authentication with interception captcha logic and then transfering username and password to Spring Security
As a Captcha implementation I think about JCaptcha, but what your thougths?