CSI5380 Project & Presentation
Worth 70 marks out of a 100 for the course. Projects will be done in groups of 4 people.
Part 0 due September 20 (5 marks)
Definition of groups and Hello World.
Part 1 due October 21 (30 marks)
All groups will build the same simple e-commerce site by (code, design document and test cases submitted electronically).
Part 2 due October 28 (5 marks)
Each group will review and audit the work of another group.
Part 3 due November 18, November 25, December 2 (30 marks)
Each group will choose a research topic to extend their e-commerce site and present in class.
LATE POLICY
-10% for any part of the project that is handed in after the due date
-20% if it is handed in more than 1 week after the due date
No deliverables will be accepted that are handed in more than 2 weeks after the due date.
Only in very rare circumstances will extensions be given. AND only if the request is made in a timely fashion. E.g. if you want a 1 week extension, you must ask me at least 1 week before the due date AND have a valid reason for needing one.
Environment
Students are responsible for setting up their own project environments. Arrangements have been made so that the following are part of the standard setup in both the graduate and undergraduate labs. There is a setup document which describes where to get these and how to install them if you are setting up your own environment (at home or in your research lab).
JDK 7
Tomcat 7 (open source Java web server which supports servlets)
MySQL 5.5 (open source SQL database)
Connector J 5.1 (JDBC driver for MySQL)
In addition it is recommended that you use NetBeans 7 for your IDE (or possibly Eclipse)
You may use other environments as long as they are Java based and your project work uses servlets and JDBC. Please see the course References page for links to Tomcat, and MySQL (including jdbc drivers, and user interfaces).
There are often hiccups in getting your environment configured and setup. Students are actively ENCOURAGED to collaborate and help each other. If you have any problems getting set up, please report them on the WEBCT FORUM for the class. If you are set up, read the forum and offer help.
Part 0 – Project Definition – 5 marks – Due September 20
You must organize yourselves into groups of 5 students.
Each group needs to have a name (e.g. the ecoms) and a group leader who will coordinate the group and interact with me.
EVERY member of the team should install the same development environment and use the same IDE.
To get the 5 marks, EVERY member of the team, must send the TA, Natalia (ncast056@uottawa.ca ) an email that includes:
a) their name and student number
b) their group name, team leader name, and team leader email
c) short description of their development machine, environment and IDE (e.g. Windows 8 laptop, tomcat/mysql, Netbeans)
d) a screen shot and source code that shows that you can display a web page, running on your machine, using the https: protocol. See this document for a description of how to modify TOMCAT to support https.
e) the screenshot must be a single file with a size <100KB (copy image to PAINT, save as BW BMP, then save as GIF), and the source code must be text only (zipped into a single file) with a size <50KB (remove all .obj, .lib, .war etc….just send me .java or .jsp files).
The web page must display a list of product categories read from the database (see Part 1 below for the database schema and database to use and an explanation of what product categories are).
This to ensure that your environment is set up and you are able to use JDBC to read from the database and display a web page. You will NOT be marked on the way the code is written (for this part only!) it just has to run.
In addition, the team leader should also send me the group’s proposed topic for part 3.
Part 1 – CD Store – 30 marks – Due October 21
Create an online CD store web site. Visitors to the web site:
1. can browse a product catalog of cds
2. select and add CDs to a shopping cart
3. “check out” by providing credit card information and shipping information to purchase the items in the shopping cart
The following sample data base schema and data can be used as a basis for the store. It is in MySQL but you are welcome to use other databases besides MySQL and you are encouraged to add more data entries to your database. Feel free to share database schema extensions and extra data via WebCT.
It is important that the architecture of your CD Store exhibit:
Good coding style (style sheets, javascript, HTML, server side processing, comments etc.)
Layers and design patterns (client, web, business, data, templates, controllers, etc.)
Quality Assurance framework with test drivers and test data.
Please pay careful attention to the grading scheme at the end of this description!
Please read this message that describes my policy for those who would like to innovate or do something slightly different than what is described below.
Below are the RECOMMENDED parts of your web site that you should build.
It is acceptable to simply have a single .jsp for each of the pages described below, and a servlet for each of the session controller, product catalog service, order process service. The Database Agent should be a separate package. The Product Catalog and Order Process Services will each create their own instance of a Data Base Agent.
A. Database Agent
It should support the following functionality:
-startTransaction, endTransaction
-executeSQL(queryid, parameter-list)
-executes the query specified by queryid, parameterlist and returns the number of rows affected.
-getQueryResult(queryid, parameterlist)
-executes the query specify by queryid, parameterlist and returns a resultSet
Notes:
The DataAgent must be scalable (e.g. use a connectionPool, see attached for an example.) and configurable (sql statements are specified in a config. File read at run-time as are the settings for the connection pool). The Database Agent should be a package of java classes used by both the Product Catalog and Order Process services.
B. Product Catalog Service
It should support the following functionality.
-getCategoryList()
gets the list of product categories for the store
-getProductList (categoryid)
-gets the list of products for a category, or all products if no category is specified
-getProductInfo(productid)
-gets the detailed product information for a product.
Notes:
Ideally, the Product Catalog Service should be implemented as a Web Service using the SOAP protocol. It should run as a separate application from the Order Process Service and the Web application. (i.e. it has its own database agent). However, it is also acceptable if the Product Catalog Service is implemented as a servlet (Calls to the Product Catalog Service are HTTP Get requests that return the result as a single XML or JSON document stream, arguments are passed in as Get Variables.)
C. Order Process Service
It should support the following functionality.
-createOrder(shoppingCartInfo, shipping info)
-creates a purchase order including shipping, taxes, total amount due based on shopping cart info
-createAccount(accountName, accountInfo)
- creates an account with name accountName, and stores accountInfo (name, password, defaultPaymentInfo), fails if the accountName already exists
-getAccount(accountName, accountPassword, accountInfo)
- returns accountInfo if accountName exists and accountPassword is correct
-confirmOrder( purchaseOrder, shippingInfo, paymentInfo)
-authorizes order based on payment info, and stores shipping info with order
Notes:
Ideally, the Order Process Service should be implemented as a Web Service using the SOAP protocol. It should run as a separate application from the Product Catalog Service and the Web application. (i.e. it has its own database agent). However, it is also acceptable if the Order Process Service is implemented as a servlet (Calls to the Order Process Service are HTTP Post requests that return the result as a single XML or JSONdocument stream, arguments are passed in as XML document in a single Post Variable)
D. Session Controller
You web site should use an Model View Controller architecture. The session controller will mediate between the “model” provided by the business services (B and C above) and the “view” created by the .jsp and HTML pages of your CD Store web site (E, F, and G below). The controller will also manage session information while a visitor is shopping in your store related to the shopping cart (items selected, address, etc.) until they are officially “ordered”.
Ideally the Session Controller will be a Servlet, but it could be implement as a Javascript eventHandler function as well.
E. CD Store Page
The CD Store Page displays the contents of the store organized by category and by product.
The visitor can browse CD Categories (Rock, Pop, Country) and see the CDs available.
They can click on a CD title and see the information for that title (price etc.).
They can also add an individual CD to their shopping cart.
And, of course, all the product catalog data that is being displayed should be provided using the Product Catalog service from Part 1.
F. Shopping Cart Page and Checkout
The Shopping Cart Page allows a visitor to view all the items they have currently put in their shopping basket and their information (price, etc.).
The visitor should be able to remove individual items from the shopping cart.
The visitor can also “checkout” indicating they wish to purchase the items in the shopping cart.
At that point an order is created in the Order Process service and the visitor is transferred to the Account Order page.
G. Account Order Page
The visitor is prompted to either log into their account with a password, or create a new account.
For a new account they enter their account name, password, and default billing and shipping information.
The new account is submitted to the Order Processing service. If the account name already exists the user is prompted to use a different account name.
To submit their order, they verify their billing and shipping information, and enter in their credit card number.
When the order is submitted, a request should be made to the Order Process service to authorize the order.
You should hard code that every 5th request is refused on your website.
If the order is approved, you should display “Order Successfully Completed.”
If it is denied, you should display “Credit Card Authorization Failed.”
H. Security
In addition, the store website should run under https (SSL). See this document for a description of how to modify TOMCAT to support https.
Account Order page (AND the Submit Order action) must be secured so that a login is required and the password is not passed in plain text.
The visitor MUST type in their credit card each time. It should not be stored.
Deliverable: a single zip file containing the following (in a reasonable folder hierarchy)
a) Design document (a roadmap to the source code and the application which explains the architecture – UML is expected where appropriate) and illustrates with a few screenshots of the application running.
b) Clearly documented and well organized source code.
c) Test drivers and test data AND an execution log file to demonstrate unit and system testing of your web site. (See Alan Williams slides on Testing Web Applications )
d) A very brief explanation of what each member of the group contributed.
e) The single zip file should be <2MB in size. (copy images to PAINT, save as BW BMP, then save as GIF BEFORE inserting into Word, and the source code must be text only by removing all .obj, .lib, .war etc….just send me .java or .jsp files but maintain the folder structure so it will build properly).
GRADING:
5 Marks Testing and Screenshots
5 Marks Documentation
10 Marks Code & Design
10 Marks Individual Audit
Part 2: Peer Review – Due October 28 – 5 Marks
Each group will grade the project from another group according to the attached template and provide comments.
This will include an individual audit to evaluate overall knowledge of project and participation.
Professor will review and provide official feedback and mark.
Part 3: Research Topic and Presentation – 30 marks
Each group must select from one of the research topics listed below or propose their own topic and:
A. research the relevant academic literature, technologies, web links, and standards relevant to the enhancement
B. write additional prototype code for your CD Store to illustrate how it can be implemented
C. evaluate your implementation with other approaches from industry or the literature
D. give a 40 minute presentation of A) B) and C) including the facilitation of a class discussion (see presentation guidelines)
a. Each group member must present for 10 minutes and take responsibility for the research, prototyping and presentation of their section.
10 marks content (individual)
10 marks presentation (individual)
10 marks overall success (group)
Topic must be approved by instructor. Each group must do a different topic. Groups may propose a topic different from the ones listed below.
If groups wish to they can incorporate the extension and hand it in as part of their Part 1 deliverable (since in some cases, like, 3, 4, 5 below this may result in less coding).
Create an identity provider service that registers users on behalf of many different websites including your own (e.g. similar to Microsoft Passport). Implement support for registered users using LDAP. The registration should support storage of user preferences. It should also handle billing on behalf of all websites. When visitors register they are assigned to one of three groups: Browser (can look but not shop), Credit (can shop but pay by credit card), or Invoice (shop and do not need to pay right away, they will be invoiced later). The CD Store should be updated to handle visitors accordingly.
Create a service that collects and provides data on shopping patterns on behalf of many different websites including your own (e.g. similar to DoubleClick). The service provides a profile for any “known” user. It also collects data events from the website in order to build a “profile” of “known users”. A user becomes “known” by using cookie synchronization between websites and the service. The service also provides reports that summarize the data collected across all known users, and which can be used to look for anomalies (Identify theft) or target marketing campaigns (e.g. soccer mom). Use Google Adsense to collect statistics.
3. AJAX Client
Re-implement the CD website as an AJAX application (i.e. there is a single HTML file plus DHTML/Javascript that defines the entire presentation of the web site). Communication is done directly from the browser to the business services. Ensure that the application runs on at least two of Internet Explorer, FireFox, Netscape. Provide an exhaustive comparison (advantages, disadvantages) between your AJAX client versus traditional web pages. Use a toolkit like Yahoo, Google, MS
4. Facebook Integration
Integrate your website with Facebook. Many possibilities. One is support FaceBook Friends feature in your website.
5. Mobile Client
Create a mobile client that allows a user to interact with the web site from either a Windows Mobile or Blackberry device. You do not need to have a device, it is acceptable to build it using an emulator. Summarize and compare the technologies and challenges for mobile devices with that of PCs.
6. Support Processes (BPEL, BPMN)
Design business processes to deal with support calls to your website’s 1800 phone number, or support email address:
Problems with the web site
Billing Problems (overcharged)
Delivery Problems (defective or undelivered cds)
Implement an example process using BPEL (recommend Oracle BPEL engine and IDE) or MS Workflow.
7. Website Monitoring (LOG4J, Reports)
Update the CD Store to log events using Log4J (or related technology) to enable website monitoring of both performance (number of requests/second) and activiy (number of View Details requests, Add Product to Shopping Cart, Checkout Success or Unsuccessful …). Create an admin app that can view stats on the events that are ocurring the web site. Support the generation of alerts. Use the monitoring facility to design scalability tests and reporting (show how performance scales based on the number of users connecting, the size of the database, and the size of your connection pool.) Use Google Adsense.
8. Faces or Ruby on Rails or Spring or any other Applicastion Framework
Implement your project using JavaServer Faces or Ruby on Rails or Spring or any other Application Framework. Compare and contract with Web Service approach and WAF approach to Pet Store.
9. Privacy (PIPEDA, P3P, XACML)
Define a privacy policy for your website that indicates how your web site complies with PIPEDA. Investigate the P3P standard for specifying the privacy policy of your web site and its interaction with the preferences specified by different visitors to your site. Write three different P3P policies for your web site, and three different P3P policies for different visitors and compare the interaction. Survey tools for tracking compliance. Use at least one to illustrate privacy issues on your web site. Investigate XACML as an alternative
10. Accessibility
Investigate guidelines and tools for tracking accessibility compliance. Modify your web site so that it has customized support (different look) for Netscape, I.E., and a PDA browser. Use a PDA emulator to validate.
11. Internationalization / Localization
Support more than one language in your store (English, French, German, Japanese, Chinese, etc.). Provide a generic mechanism with clear instructions how an additional language could be supported. Allow a user to switch languages at any time in the store. Have the default selection be based automatically on your Windows regional settings when using Internet Explorer.
12. Patterns
Select one design pattern for each person in your group. The design pattern must be one that was NOT covered in class. Create example code in your CD Store that shows how the design pattern works, AND find an example in the Pet Store Blue Print (or possibly another groups project code) to illustrate the design pattern at work. Provide references where the design pattern is documented as well as references to similar or complementary design patterns (NOT presented by your group).
13. E-Payment
Research and compare different approaches and alternatives to E-Payment. Implement full integration with PayPal.
14. Public Key Infrastructure
Research and compare technologies for supporting public key infrastructure including smart cards, electronic signatures. Implement support for public key encryption and non-repudiation using Entrust in your CD Store.
15. Cloud Computing
Implement your store as vmware and run it in a computing cloud (Amazon, MS, Google)
16. Event Driven Architecture
Use the Glassfish Event framework to provide event-driven processing for your website.
17. Threat Risk Assessment/ Vulnerability Assessment
Evaluate your web site for security risks.
18. Data Mashups
Create a data mashup with data from your website … integrated with services and data from other websites (e.g. google maps). Use a mashup tool like Yahoo pipes.