Feature/jspwiki 1218 removes http-commons and the asirra.com based captcha filtering

ChangeLog.md

@@ -25,14 +25,16 @@ under the License.
 	* commons-lang updated to 3.19.0
 	* commons-net added at 3.12.0
 	* jakarta.mail-api from 2.1.3 to 2.1.5
+	* http-commons dependency removed
 
 * [JSPWIKI-1213](https://issues.apache.org/jira/browse/JSPWIKI-1213) adds jacoco test coverage reporting to the build
 * [JSPWIKI-615](https://issues.apache.org/jira/browse/JSPWIKI-615) adds some javadocs to the WikiEvent class as requested
 * [JSPWIKI-1211](https://issues.apache.org/jira/browse/JSPWIKI-1211) fixed a bootup issue when the rss directory doesn't exist
 * [JSPWIKI-1207](https://issues.apache.org/jira/browse/JSPWIKI-1207) disables the ehcache causing bootup crashes on portable builds
-* [JSPWIKI-1183](https://issues.apache.org/jira/browse/JSPWIKI-1183) improvements to stabilize the automated build system
+* [JSPWIKI-1217](https://issues.apache.org/jira/browse/JSPWIKI-1217) improvements to stabilize the automated build system
 * [JSPWIKI-1216](https://issues.apache.org/jira/browse/JSPWIKI-1216) removes references to the WikiWizard template/editor, i18n improvements 
 * [JSPWIKI-1183](https://issues.apache.org/jira/browse/JSPWIKI-1183) The IfPlugin now supports IP address checks using CIDR style netmasks
+* [JSPWIKI-1283](https://issues.apache.org/jira/browse/JSPWIKI-1283) Removes the asirra.com based captcha filtering
 
 **2025-09-30  Juan Pablo Santos (juanpablo AT apache DOT org)**
 

jspwiki-main/pom.xml

@@ -83,8 +83,8 @@
         </dependency>
 
         <dependency>
-            <groupId>net.sourceforge</groupId>
-            <artifactId>akismet-java</artifactId>
+          <groupId>net.thauvin.erik</groupId>
+          <artifactId>akismet-kotlin</artifactId>
         </dependency>
 
         <dependency>

jspwiki-main/src/main/java/org/apache/wiki/filters/SpamFilter.java

@@ -18,7 +18,6 @@ Licensed to the Apache Software Foundation (ASF) under one
  */
 package org.apache.wiki.filters;
 
-import net.sf.akismet.Akismet;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.time.StopWatch;
 import org.apache.logging.log4j.LogManager;
@@ -77,6 +76,8 @@ Licensed to the Apache Software Foundation (ASF) under one
 import java.util.StringTokenizer;
 import java.util.Vector;
 import java.util.concurrent.ThreadLocalRandom;
+import net.thauvin.erik.akismet.Akismet;
+import net.thauvin.erik.akismet.AkismetComment;
 
 
 /**
@@ -98,7 +99,7 @@ Licensed to the Apache Software Foundation (ASF) under one
  *    <li>maxurls - How many URLs can be added to the page before it is considered spam (default is 5)</li>
  *    <li>akismet-apikey - The Akismet API key (see akismet.org)</li>
  *    <li>ignoreauthenticated - If set to "true", all authenticated users are ignored and never caught in SpamFilter</li>
- *    <li>captcha - Sets the captcha technology to use.  Current allowed values are "none" and "asirra".</li>
+ *    <li>captcha - Sets the captcha technology to use.  Current allowed values are "none". "asirra" was previously supported however that service has been discontinued.</li>
  *    <li>strategy - Sets the filtering strategy to use.  If set to "eager", will stop at the first probable
  *        match, and won't consider any other tests.  This is the default, as it's considerably lighter. If set to "score", will go through all of the tests
  *        and calculates a score for the spam, which is then compared to a filter level value.
@@ -219,8 +220,6 @@ public class SpamFilter extends BasePageFilter {
 
     private String          m_akismetAPIKey;
 
-    private boolean         m_useCaptcha;
-
     /** The limit at which we consider something to be spam. */
     private final int             m_scoreLimit = 1;
 
@@ -263,8 +262,6 @@ public void initialize( final Engine engine, final Properties properties ) {
         m_ignoreAuthenticated = TextUtil.getBooleanProperty( properties, PROP_IGNORE_AUTHENTICATED, m_ignoreAuthenticated );
         m_allowedGroups = StringUtils.split( StringUtils.defaultString( properties.getProperty( PROP_ALLOWED_GROUPS, m_blacklist ) ), ',' );
 
-        m_useCaptcha = properties.getProperty( PROP_CAPTCHA, "" ).equals("asirra");
-
         try {
             m_urlPattern = m_compiler.compile( URL_REGEXP );
         } catch( final MalformedPatternException e ) {
@@ -530,9 +527,12 @@ private void checkAkismet( final Context context, final Change change ) throws R
         if( m_akismetAPIKey != null ) {
             if( m_akismet == null ) {
                 LOG.info( "Initializing Akismet spam protection." );
-                m_akismet = new Akismet( m_akismetAPIKey, context.getEngine().getBaseURL() );
+                String fullPageUrl = context.getHttpRequest().getRequestURL().toString();
+                String fragment = context.getEngine().getBaseURL();
+                fullPageUrl = fullPageUrl.substring(0, fullPageUrl.indexOf(fragment) + fragment.length());
+                m_akismet = new Akismet( m_akismetAPIKey, fullPageUrl );
 
-                if( !m_akismet.verifyAPIKey() ) {
+                if( !m_akismet.verifyKey() ) {
                     LOG.error( "Akismet API key cannot be verified.  Please check your config." );
                     m_akismetAPIKey = null;
                     m_akismet = null;
@@ -560,17 +560,16 @@ private void checkAkismet( final Context context, final Change change ) throws R
                 final String commentAuthor = context.getCurrentUser().getName();
                 final String commentAuthorEmail = null;
                 final String commentAuthorURL   = null;
-
-                final boolean isSpam = m_akismet.commentCheck( ipAddress,
-                                                               userAgent,
-                                                               referrer,
-                                                               permalink,
-                                                               commentType,
-                                                               commentAuthor,
-                                                               commentAuthorEmail,
-                                                               commentAuthorURL,
-                                                               change.toString(),
-                                                               null );
+                AkismetComment comment = new AkismetComment(ipAddress, userAgent);
+                comment.setAuthor(commentAuthor);
+                comment.setAuthorEmail(commentAuthorEmail);
+                comment.setAuthorUrl(commentAuthorURL);
+                comment.setContent(change.toString());
+                comment.setPermalink(permalink);
+                comment.setReferrer(referrer);
+                comment.setType(commentType);
+
+                final boolean isSpam = m_akismet.checkComment(comment);
 
                 sw.stop();
                 LOG.debug( "Akismet request done in: " + sw );
@@ -897,9 +896,6 @@ private static String getUniqueID() {
      *  @return An URL to redirect to
      */
     private String getRedirectPage( final Context ctx ) {
-        if( m_useCaptcha ) {
-            return ctx.getURL( ContextEnum.PAGE_NONE.getRequestContext(), "Captcha.jsp", "page= " +ctx.getEngine().encodeName( ctx.getPage().getName() ) );
-        }
 
         return ctx.getURL( ContextEnum.PAGE_VIEW.getRequestContext(), m_errorPage );
     }

jspwiki-war/pom.xml

@@ -122,11 +122,6 @@
                         <artifactId>ehcache</artifactId>
                         <version>${ehcache.version}</version>
                     </dependency>
-                    <dependency>
-                        <groupId>commons-httpclient</groupId>
-                        <artifactId>commons-httpclient</artifactId>
-                        <version>${commons-httpclient.version}</version>
-                    </dependency>
                 </dependencies>
             </plugin>
 

pom.xml

@@ -44,12 +44,11 @@
     <jdk.javadoc.doclet.version>2.2.3</jdk.javadoc.doclet.version>
     <maven.version>3.5</maven.version>
 
-    <akismet-java.version>1.02</akismet-java.version>
+    <akismet-java.version>1.0.0</akismet-java.version>
     <awaitility.version>4.3.0</awaitility.version>
     <aws-java-sdk-kendra.version>1.12.565</aws-java-sdk-kendra.version>
     <commons-collections.version>4.5.0</commons-collections.version>
     <commons-fileupload.version>2.0.0-M4</commons-fileupload.version>
-    <commons-httpclient.version>3.1</commons-httpclient.version>
     <commons-io.version>2.20.0</commons-io.version>
     <commons-lang.version>3.19.0</commons-lang.version>
     <commons-net.version>3.12.0</commons-net.version>
@@ -227,12 +226,6 @@
         <version>${flexmark.version}</version>
       </dependency>
 
-      <dependency>
-        <groupId>commons-httpclient</groupId>
-        <artifactId>commons-httpclient</artifactId>
-        <version>${commons-httpclient.version}</version>
-      </dependency>
-
       <dependency>
         <groupId>commons-io</groupId>
         <artifactId>commons-io</artifactId>
@@ -282,9 +275,9 @@
       </dependency>
 
       <dependency>
-        <groupId>net.sourceforge</groupId>
-        <artifactId>akismet-java</artifactId>
-        <version>${akismet-java.version}</version>
+          <groupId>net.thauvin.erik</groupId>
+          <artifactId>akismet-kotlin</artifactId>
+          <version>${akismet-java.version}</version>
       </dependency>
 
       <dependency>