CSI5389 - Project

Worth 50 marks out of a 100 for the course.

Projects will be done in groups of 4-5 people.

There will be 4 parts to the project this term.

Each group will receive a group mark for their project after each part is handed in EXCEPT for Part D, Demonstration Review. Each student receives an individual mark for Part D.

All parts, except Part D, will be submitted in electronic form to both the professor (lpeyton@site.uottawa.ca) and the TA (TBD).


-2 marks/deliverable for any part of the project that is handed in after the due date

-4 marks/deliverable if it is handed in more than 1 week after the due date

No deliverables will be accepted that are handed in more than 2 weeks after the due date.

Only in very rare circumstances will extensions be given. AND only if the request is made in a timely fashion. E.g. if you want a 1 week extension, you must ask me at least 1 week before the due date AND have a valid reason for needing one.


Students are responsible for setting up their own project environments. Arrangements have been made so that the following are part of the standard setup in both the graduate and undergraduate labs.  There is a setup document which describes where to get these and how to install them if you are setting up your own environment (at home or in your research lab). Note it may not point to the most current releases, see below and the References page.

Java SDK 1.4

Tomcat 5.0 (open source Java web server which supports servlets)

MySQL 4.0 (open source SQL database)

Connector J 3.0 (JDBC driver for MySQL)

You may use other environments as long as they are Java based and your project work uses servlets and JDBC. Please see the course References page for links to Tomcat, and MySQL (including jdbc drivers, and user interfaces).

There are often hiccups in getting your environment configured and setup. Students are actively ENCOURAGED to collaborate and help each other. If you have any problems getting set up, please report them on the WEBCT FORUM for the class. If you are set up, read the forum and offer help.

Part A - Setup (5 marks) DUE: Sept. 24

Each group must set up their project environment and then run the code samples that will verify their environment is working as described in this document.

Deliverable: email lpeyton@site.uottawa a message that contains:

- a name for your group

- a list of members including a name, student # and email for each member

-identify the contact person for the group (who should have sent the email

-include a SINGLE screen shot that shows

a) their login (if using the school labs) or the machine name (if they are working off-campus)

b) one or two of the samples running correctly

Part B - Diary Application (20 marks) DUE: October 22

Create an online website where individuals can keep their own private diary … and include mechanisms that let them share selected entries with other individuals if they so desire. 

See the full specification of what is expected. 

Deliverable: a single zip file containing the following (in a reasonable folder hierarchy)

a) Design document which explains the architecture and algorithms used (a roadmap to the source code if you will) and illustrates with a few screenshots of the application running.

b) Clearly documented and well organized source code.

c) Test drivers and test data AND an execution log file or screen shot that demonstrates the test driver running successfully with the test data for your dbAgent, XMLAgent and each servlet in your solution.

d) A very brief explanation of what each member of the group contributed.

Please see the marking scheme for this part.

Part C - Secure Diary Application With Usage Statistics (15 marks) DUE: November 16

You will secure your diary application created in part B above, and create a Statistics server that your diary application will use to log statistics about User activity.  The diary application will send requests to the Statistics server using a special communication protocol. 

You need to do the following:

1.  Support https.  Modify your TOMCAT server to support https as described in this document.  Then modify your diary web site from part B above so that all links, buttons etc. use https instead of http.

2.  Create a new separate statistics database.  The statistics database has one table, EventLog, which has columns: logid user logevent logtdate.  The table will keep a log when one of the following events happens in the diary website: Login, Display Entry, Add Entry, Share Entry, Delete Entry.  Below is an example of the sort of data that EventLog could contain.

































3. Create a request wrapper utility that can be used to assemble requests on the client and disassemble them on the server.  Each request has only two fields: user and logevent.  The request consists of a single string that starts and ends with !, and which separates the two fields with a single /. So the messages that would correspond to the example data in #2 above would be:








Note that no escape characters are needed.  Instead, you will ensure that user names and logevent names can not contain / or !

4.  Create a StatisticsClient component that can be called (as a java object) from the servlets within your Diary application to log events.  It will support a single operation: -logEvent <user> <logevent>.  The StatisticsClient component will send requests (created using the request wrapper utility from #3 above) to the Statistics server using the communication protocol described here. 

5.  Create a Statistics Server that will run as a standalone, multi-threaded server.  It will receive requests from the StatisticsClient and log them in the statistics database.

6.  Secure the communication between the StatisticsClient  component and the Statistics Server using SSL.  This ZIP file contains an example client and server, as well as the PREDEFINED keystore and certificate files you will need. You can also choose to generate your own keystore and certificate files by following the instructions in the attached document  

7.  Create a new separate web application, using servlets that can be used to view the statistics in the database.  The web application should provide an interface where the user can select a user name (or the keyword ALL USERS) and enter a start date and end date and then see a report summarizing user activity for that period.  This functionality is only available to administrators who know the administrative password “halloween”.  (You DO NOT need to define administrators in your database).  An example of 3 different reports that could be generated for the example data from #2 above is shown below:

User Activity Report - Sam

Start Date: 20003/09/09

End Date: 2003/09/10

Login      Display  Add        Share      Delete     Total

1              1                              1                              3


User Activity Report - Jane

Start Date: 20003/09/09

End Date: 2003/09/10

Login      Display  Add        Share      Delete     Total

1              1              1                              1              4


User Activity Report – ALL USERS

Start Date: 20003/09/09

End Date: 2003/09/10

Login      Display  Add        Share      Delete     Total

2              2              1              1              1              7

8. Hand in the following Deliverable, a zip file containing the following (in a reasonable folder hierarchy)

a) Design document which explains the architecture and design of your systems for user activity logging and reporting.  It should contain only two screenshots: one screen shots which shows your diary running under https and one screen shot which shows the creation of a sample user activity report. 

b) Clearly documented and well organized source code.

c) Test framework (inputs, expected results) which validates your user activity logging and reporting. 

c) A very brief explanation of what each member of the group contributed

Please see the marking scheme for this part.

Part D - Individual Review(10 Marks) DUE: November 26 (latest)

Each student demonstrates that they are familiar with everything done for all parts of their group project, by

a) Showing what configuration is needed to set up a new web application under SSL on Tomcat

b) Showing what would be needed to be changed in the code and configuration order for the project to use MS SQL Server instead of MySQL.

c) Showing in the code how the diary application is secured from unauthorized use (including the database interaction).

d) Showing in the code how the statistics server is secured from unauthorized logging of user activity.

e) Compiling the source code and doing a demo of both parts of the project

Deliverable: a scheduled review demonstration with the TA/Instructor