In a load balanced environment the default singleton implementation doesnt work out of the box.
There is two solution in order to achieve captcha validation throught load-balancing
- Use a "distributed singleton" implemented with an distributed cache CaptchaStore (like JBossCache)
- Use sticky session
The JBossCacheStore allows JCaptcha to be used in a clustered environment, generated captchas are stored in a distributed Cache. A user can now retrieve a captcha from a node and validate it on another node.
This tutorial shows how to set up the JCaptcha extension and configure JBossCache
Add project dependencies
jcaptcha-extension-jbosscache-store v1.0 supports JBossCache 2.x
jcaptcha-extension-jbosscache-store v2.x supports JBossCache 3.x
Add the following dependency to your project POM
Add the following libraries to your project classpath.
- The JCaptcha extension
- JBossCache dependencies
- The JCaptcha extension POM contains names, versions and repository URL to download them.
Configure your CaptchaService with the JBossCacheCaptchaStore
Use for example the GenericManageableCaptchaService and provide a JBossCacheCaptchaStore for the first argument of the constructor.
The three last arguments are related to the JCaptcha garbage collector. They must be set carefully in order to avoid overhead with JBossCache eviction policy. See the last section for more explanations.
Configure the JBoss Cache
Set the configuration filename
You must provide the JBossCache configuration filename to the JBossCacheCaptchaStore in order to initialize the Cache.
This can be done by adding the jcaptcha.jbosscache.config system property to the JVM.
Add the following argument to the JVM command line or in the JAVA_OPTS environment variable.
Modify the XML configuration file
This configuration is a proposal and has to be adapted to your project requirements. Please refers to the JBossCache reference documentation for further details.
You could find a sample in the extention test resources
The configurations attributes are divided in two main parts, the first one define the cache behavior (transaction, synchronisation, eviction policy) and the second one defines the deployment scheme.
Cache general behavior
The main attributes have to be set with the following values:
In the EvictionPolicyConfig XML node :
Add the captcharegion configuration in the EvictionPolicyConfig XML node
Parameter coherency guidelines
Follow these rules in order to let JBossCache manage the size of the cache (instead of JCaptcha garbage collector) and use efficiently JBossCache for managing captchas.
- Disable JCaptcha garbage collector
- JCaptcha maxCaptchaStoreSize must be set to zero
- JCaptcha minGuarantedStorageDelayInSeconds must be set to zero
- JCaptcha captchaStoreLoadBeforeGarbageCollection must be bigger than JBossCache maxNodes
- Disable captchas TimeToLive
- JBossCache timeToLiveSeconds must be set to zero
- Configure resolution max time (usually two minutes)
- JBossCache maxAgeSeconds must be less than ten minutes
- Manage the CaptchaStore memory size
- JBossCache maxNodes must be set in relation to the JVM memory size parameter (ex : -Xmx256m)
Please refers to the JGroups reference documentation for detailed explanations.