UniversityofWestminster SchoolofComputerScienceandEngineering 5COSC022W Client-ServerArchitectures-Coursework(2025/26) Moduleleader HamedHamzeh Unit Coursework Weighting: 60% Qualifyingmark 30% Description RESTAPIdesign,developmentandimplementation. ThisassignmentcontributestowardsthefollowingLearningOutcomes(LOS): LearningOutcomes Coveredinthis Assignment: LO1GainathoroughunderstandingofRESTfulprinciplesand theirapplicationinAPIdesign. LO2AcquirefamiliaritywiththeJAX-RSframeworkasatool for buildingRESTfulAPIsinJava. HandedOut: February2026 DueDate 24thApril2026,13:00 Expecteddeliverables ApublicGitHubrepolinkcontainsallpartsoftheproject MethodofSubmission: Videodemonstration ReportincludedinREADME.mdfileinGithub ElectronicsubmissiononBlackboardviaaprovidedlinkcloseto thesubmissiontime. TypeofFeedbackand DueDate: Writtenfeedbackwithin15workingdays. BCSCRITERIAMEETING INTHISASSIGNMENT 2.1.1Knowledgeandunderstandingoffacts,concepts,principles &theories 2.1.2Useofsuchknowledgeinmodellinganddesign 2.1.3Problemsolvingstrategies 2.2.1Specify,designorconstructcomputer-basedsystems 2.2.4Deploytoolseffectively 2.3.2Developmentofgeneraltransferableskills 3.1.1Deploysystemstomeetbusinessgoals 4.1.1Knowledgeandunderstandingofscientificandengineering principles 4.1.3Knowledgeandunderstandingofcomputationalmodelling 1 Assessment regulations Refer to section 4 of the ”How you study” guide for undergraduate students for a clarification of how you are assessed, penalties and late submissions, what constitutes plagiarism etc. Penalty for Late Submission If yousubmityourcourseworklatebutwithin24hoursoroneworkingdayofthespecified deadline, 10 marks will be deducted fromthefinalmark, asapenaltyforlatesubmission, except for work which obtains a mark in the range 40-49%, in which case the mark will be cappedatthepass mark(40%). If you submit your coursework more than 24 hours or more than one working day after the specified deadline you will be given a mark of zero for the work in question unless a claim of Mitigating Circumstances has been submitted and accepted as valid. It is recognised that on occasion, illness or a personal crisis can mean that you fail to sub mit a piece of work on time. In such cases you must inform the Campus Office in writing on a mitigating circumstances form, giving the reason for your late or non-submission. You must provide relevant documentary evidence with the form. This information will be reported to the relevant Assessment Board that will decide whether the mark of zero shall stand. For moredetailed information regarding University Assessment Regulations, please refer to the following website: http://www.westminster.ac.uk/study/current-students/resources/ academic-regulations Learning Goals:- Definekeyprinciples of REST architecture.- Differentiate between RESTful and non-RESTful APIs.- Recognize the importance of resource-based interactions.- Understand the role of JAX-RS in Java-based API development.- Explore JAX-RS annotations for resource mapping and HTTP method handling.- Implement basic resource classes using JAX-RS. Coursework: Developing a JAX-RS RESTful Service (Total 100 Marks) Module: Client-Server Architectures Title: ”Smart Campus” Sensor & Room Management API Weight: 60% of final grade 1. Introduction & Scenario Scenario: You have been appointed as the Lead Backend Architect for the university’s ”Smart Campus” initiative. What began as a pilot project for tracking individual tempera ture sensors has evolved into a comprehensive campus-wide infrastructure project. The university now requires a robust, scalable, and highly available RESTful API to manage 2 thousandsofRoomsandthediversearrayofSensors(e.g.,CO2monitors,occupancy trackers,smartlightingcontrollers)containedwithinthem. Thissystemwillbebuiltasahigh-performancewebserviceusingJAX-RS(JakartaRESTful WebServices).Yourgoalistoprovideaseamlessinterfaceforcampusfacilitiesmanagers andautomatedbuildingsystemstointeractwiththecampusdata. Objective: Thiscourseworkisdesignedtosimulateareal-worlddevelopmenttask. It assessesyourproficiency inRESTful architecturalpatterns, the implementationof re sourcenesting,andthedesignofaresilienterror-handlingstrategyusingJAX-RS.You areexpectedtodemonstrateindustry-standardpractices, includingtheuseofappropri ateHTTPstatuscodes,meaningfulJSONresponses,andalogicalresourcehierarchythat reflectsthephysicalstructureofthecampus. Core”Resource”DataModels: YouwillmodelthreeprimaryentitiesthatrepresentthecorepillarsoftheSmartCampus.Use thesePOJOsasyourfoundation,ensuringtheyareproperlyencapsulatedwithgettersandset ters: 1 public class Room { 2 private String id; // Unique identifier, e.g., “LIB-301” 3 private String name; // Human-readable name, e.g., “Library Quiet Study” 4 private int capacity; // Maximum occupancy for safety regulations 5 private List sensorIds = new ArrayList<>(); // Collection of IDs of sensors deployed in this room 6 7 // Constructors, getters, setters… 8 } 9 10 public class Sensor { 11 private String id; // Unique identifier, e.g., “TEMP-001” 12 private String type; // Category, e.g., “Temperature”, ” Occupancy”, “CO2” 13 private String status; // Current state: “ACTIVE”, ” MAINTENANCE”, or “OFFLINE” 14 private double currentValue; // The most recent measurement recorded 15 private String roomId; // Foreign key linking to the Room where the sensor is located. 16 17 // Constructors, getters, setters… 18 } 19 20 public class SensorReading { 21 private String id; // Unique reading event ID (UUID recommended) 22 private long timestamp; // Epoch time (ms) when the reading was captured 23 private double value; // The actual metric value recorded by the hardware 24 25 // Constructors, getters, setters… 26 } SmartCampusPOJOModels 3 2. Coursework Tasks (Step-by-Step) Part 1: Service Architecture & Setup (10 Marks) 1. Project & Application Configuration (5 Marks):- BootstrapaMavenprojectintegratingaJAX-RSimplementation(e.g.,Jersey)andalightweight servlet container or embedded server.- Implementasubclassofjavax.ws.rs.core.Applicationandusethe@ApplicationPath(“/api/v1”) annotation to establish your API’s versioned entry point.- Question: In your report, explain the default lifecycle of a JAX-RS Resource class. Is a new instance instantiated for every incoming request, or does the runtime treat it as a singleton? Elaborate on how this architectural decision impacts the way you manage and synchronize your in-memory data structures (maps/lists) to prevent data loss or race con ditions. 2. The ”Discovery” Endpoint (5 Marks):- Implement a root ”Discovery” endpoint at GET /api/v1. This should return a JSON object providing essential API metadata: versioning info, administrative contact details, and a mapofprimary resource collections (e.g., ”rooms”-> ”/api/v1/rooms”).- Question: Why is the provision of ”Hypermedia” (links and navigation within responses) considered a hallmark of advanced RESTful design (HATEOAS)? How does this approach benefit client developers compared to static documentation? Part 2: Room Management(20Marks) 1. RoomResource Implementation (10 Marks):- Develop a SensorRoom Resource class to manage the /api/v1/rooms path.- GET /: Provide a comprehensive list of all rooms.- POST /: Enable the creation of new rooms. Ensure the service returns appropriate feed back upon success.- GET /{roomld}: Allow users to fetch detailed metadata for a specific room.- Question: When returning a list of rooms, what are the implications of returning only IDs versus returning the full room objects? Consider network bandwidth and client side processing. 2. RoomDeletion & Safety Logic (10 Marks):- Implement DELETE /{roomld} to allow room decommissioning.- Business Logic Constraint: To prevent data orphans, a room cannot be deleted if it still has active sensors assigned to it. If a deletion is attempted on a room with sensors, your service must block the request and return a custom error response (as detailed in Part 5).- Question: IstheDELETEoperationidempotentinyourimplementation? Provideadetailed justification by describingwhathappensifaclientmistakenlysendstheexactsameDELETE request for a room multiple times. 4 Part 3: Sensor Operations & Linking (20 Marks) 1. Sensor Resource & Integrity (10 Marks):- Implement SensorResource to manage the /api/vl/sensors collection.- POST /: When a newsensor is registered, your logic must verify that the roomld specified in the request body actually exists in the system.- Question: Weexplicitly use the @Consumes (MediaType.APPLICATION_JSON) annotation on the POST method. Explain the technical consequences if a client attempts to send data in a different format, such as text/plain or application/xml. How does JAX-RS handle this mismatch? 2. Filtered Retrieval & Search (10 Marks):- Enhance GET /api/vl/sensors to support an optional query parameter named type (e.g., GET /api/vl/sensors?type=CO2). If provided, the response must filter the list to only in clude matching sensors.- Question: Youimplementedthisfilteringusing@QueryParam. Contrastthiswithanalterna tive design where the type is part of the URL path (e.g., /api/vl/sensors/type/CO2). Why is the queryparameterapproachgenerallyconsideredsuperiorforfilteringandsearching collections? Part 4: Deep Nesting with Sub- Resources (20 Marks) A key requirement is to maintain a historical log of readings for every sensor on campus. 1. The Sub-Resource Locator Pattern (10 Marks):- InyourSensorResourceclass,implementasub-resourcelocatormethodforthepath{sensorld}/readings This method should return an instance of a dedicated SensorReadingResource class.- Question: Discuss the architectural benefits of the Sub-Resource Locator pattern. How doesdelegating logic to separate classes help manage complexity in large APIs compared to defining every nested path (e.g., sensors/{id}/readings/{rid}) in one massive con troller class? 2. Historical Data Management (10 Marks):- Within SensorReadingResource, implement GET / to fetch history and POST / to append new readings for that specific sensor context.- Side Effect: A successful POST to a reading must trigger an update to the currentValue f ield on the corresponding parent Sensor object to ensure data consistency across the API. Part 5: Advanced Error Handling, Exception Mapping & Logging (30 Marks) YoumustensuretheAPIis”leak-proof” it should never return a raw Java stack trace or a default server error page. Furthermore, the API requires observability through proper request and response logging. Implement specific Exception Mappers and Filters for these scenarios. 1. Resource Conflict (409) (5 Marks):- Scenario: Attempting to delete a Room that still has Sensors assigned to it. 5 – Task: Create a custom RoomNotEmptyException. Implement an Exception Mapper that re turnsanHTTP409ConflictwithaJSONbodyexplainingthattheroomiscurrentlyoccupied by active hardware. 2. Dependency Validation (422 Unprocessable Entity) (10 Marks):- Scenario: A client attempts to POST a new Sensor with a roomld that does not exist.- Task: Create a LinkedResourceNotFoundException. Use an Exception Mapper to return an HTTP 422 Unprocessable Entity (or a 400 Bad Request).- Question: WhyisHTTP422oftenconsideredmoresemanticallyaccurate than a standard 404 whenthe issue is a missing reference inside a valid JSON payload? 3. State Constraint (403 Forbidden) (5 Marks):- Scenario: Asensorcurrently markedwiththestatus”MAINTENANCE”isphysicallydiscon nected and cannot accept new readings.- Task: Create a SensorUnavailableException. Map this to an HTTP 403 Forbidden status when aPOST reading is attempted. 4. The Global Safety Net (500) (5 Marks):- Task: Implement a ”catch-all” ExceptionMapper. This mapper must intercept anyunexpectedruntimeerrors (e.g., NullPointerException, IndexOutOfBoundsException) and return a generic HTTP 500 Internal Server Error.- Question: From a cybersecurity standpoint, explain the risks associated with exposing internal Java stack traces to external API consumers. What specific information could an attacker gather from such a trace? 5. API Request & Response Logging Filters (5 Marks):- Task: Implement API observability by creating a custom filter class that implements both ContainerRequestFilter and ContainerResponseFilter. Use java.util.logging.Logger to log the HTTP method and URI from the ContainerRequestContext for every incoming request, and log the final HTTP status code from the ContainerResponseContext for every outgoing response.- Question: Why is it advantageous to use JAX-RS filters for cross-cutting concerns like logging, rather than manually inserting Logger.info() statements inside every single re source method? 6 3. Submission & Marking Breakdown Professional Practice (Mandatory Prerequisites) GitHub Hosting: The project must be hosted in a public GitHub repository. Your reposi tory must contain a README.md that provides:- Anoverview of your API design.- Explicit, step-by-step instructions on how to build the project and launch the server.- At least five sample curl commands demonstrating successful interactions with dif ferent parts of the API. VideoDemonstration: Amaximumof10-minutevideodemonstrationofpostmantests. The video must beuploadeddirectly to the BlackBoard submission link. There is no need to show the coding part. Please note that the video demonstration is mandatory for the assessment. In the video demonstration, you MUST be present and speak clearly. Report: The report must be prepared in a PDF format, which must only include the an swers to the questions in each part. There is no need to include test cases and an intro duction. Evaluation Criteria- Part 1 (Setup & Discovery): 10 Marks- Part 2 (Room Management): 20 Marks- Part 3 (Sensors & Filtering): 20 Marks- Part 4 (Sub- Resources): 20 Marks- Part 5 (Error Handling & Logging): 30 Marks- Conceptual Report: This document must only contain the written answers to the ques tions found in each section of your report. Keep in mind that your report’s overall mark is influenced by your performance on each task, with 20% of the total score allocated to answering specific questions. For instance, in task 3.1, you can earn 2 mark out of 10 by including a proper response to the question posed. Be sure to address these questions thoroughly to maximise your scores! Please note that the report must be organised and written in the README.md file on GitHub- Video Demonstration: Please keep in mind that each task of the coursework requires a recorded video demonstration to showcase your work. This video demonstration is sig nificant, as it accounts for 30% of the total score for each task. For instance, in Task 3.1, the video demonstration will contribute 3 marks out of the total 10 marks available for that task. Make sure to put effort into your video presentations, as they are an important part of your overall assessment. Please note that you should clearly present during the video presentation. Therefore, it is critical to ensure that your cameraandmicrophoneare working properly. Failing to submit a recorded video presentation will result in a 20% loss of marks on each task that requires video recording. Please note that the Video Demon stration link/File must be included in BlackBoard submission link.- Coding: Please note that the allocated mark for coding for each section is 50%, which means that if a section has 10 mark, 5 marks is allocated to coding, 3 mark is allocated to video demonstration and 2 mark is allocated to answering questions in the report. 7 – Technology Stack: You must only use JAX-RS. Using other technologies like Spring boot are not allowed, which means that you will receive immediate ZERO mark for the whole coursework.- NOZIP FILE: PLEASE NOTE THAT, SUBMITTING ANY ZIP FILE INSTEAD OF HOSTING THE APP IN THEGITHUBWILLRESULTINZEROMARKFORTHEWHOLECOURSEWORK.- Database: YouarenotallowedtouseanydatabasetechnologylikeSQLServer. Otherwise, you will receive ZERO mark for the coursework. You must only use data structures like Hashmap or ArrayList. 8
5COSC022W_Coursework Specification(1) (1)
Evan John