diff --git a/converter-graphics/src/main/java/lcsb/mapviewer/converter/graphics/ImageGenerators.java b/converter-graphics/src/main/java/lcsb/mapviewer/converter/graphics/ImageGenerators.java
index c0cecc00c73722cf4db5e4ee0a2fa02ee9ba9425..ad9709457bb3f7d59df8b8749255c42dec0aa799 100644
--- a/converter-graphics/src/main/java/lcsb/mapviewer/converter/graphics/ImageGenerators.java
+++ b/converter-graphics/src/main/java/lcsb/mapviewer/converter/graphics/ImageGenerators.java
@@ -1,6 +1,6 @@
 package lcsb.mapviewer.converter.graphics;
 
-import java.awt.*;
+import java.awt.Color;
 import java.io.IOException;
 import java.lang.reflect.InvocationTargetException;
 import java.util.ArrayList;
@@ -160,6 +160,15 @@ public class ImageGenerators {
     throw new InvalidArgumentException("Unknown class type: " + generatorClass);
   }
 
+  public boolean isValidClassName(String generatorClass) {
+    for (Pair<String, Class<? extends AbstractImageGenerator>> element : availableGenerators) {
+      if (element.getRight().getCanonicalName().equals(generatorClass)) {
+        return true;
+      }
+    }
+    return false;
+  }
+
   /**
    * Returns file extension that should be used for files generated by
    * implementation of {@link AbstractImageGenerator} class.
diff --git a/rest-api/src/main/java/lcsb/mapviewer/api/projects/models/ModelRestImpl.java b/rest-api/src/main/java/lcsb/mapviewer/api/projects/models/ModelRestImpl.java
index 43c25bce79f8d9f1420014eb479ee9b11fbbd382..c10b49f2639d385c105a252f725c49e00be13a75 100644
--- a/rest-api/src/main/java/lcsb/mapviewer/api/projects/models/ModelRestImpl.java
+++ b/rest-api/src/main/java/lcsb/mapviewer/api/projects/models/ModelRestImpl.java
@@ -1,6 +1,5 @@
 package lcsb.mapviewer.api.projects.models;
 
-import java.awt.Color;
 import java.awt.geom.*;
 import java.io.*;
 import java.util.*;
@@ -27,7 +26,6 @@ import lcsb.mapviewer.model.cache.UploadedFileEntry;
 import lcsb.mapviewer.model.map.InconsistentModelException;
 import lcsb.mapviewer.model.map.layout.*;
 import lcsb.mapviewer.model.map.model.*;
-import lcsb.mapviewer.model.map.species.Element;
 import lcsb.mapviewer.model.user.User;
 import lcsb.mapviewer.services.interfaces.ILayoutService;
 import lcsb.mapviewer.services.utils.ColorSchemaReader;
@@ -72,6 +70,9 @@ public class ModelRestImpl extends BaseRestImpl {
       throw new QueryException("Invalid modelId: " + modelId);
     }
     Model model = getModelService().getLastModelByProjectId(projectId);
+    if (model == null) {
+      throw new ObjectNotFoundException("Project with given id doesn't exist");
+    }
     Model submodel = model.getSubmodelById(modelId);
     if (submodel == null) {
       return null;
@@ -193,7 +194,7 @@ public class ModelRestImpl extends BaseRestImpl {
     if (overlayIdsList.length > 0) {
       new ClearColorModelCommand(part).execute();
     }
-    
+
     if (!backgroundOverlayId.equals("")) {
       Layout overlay = project.getLayoutByIdentifier(Integer.valueOf(backgroundOverlayId));
 
@@ -205,10 +206,9 @@ public class ModelRestImpl extends BaseRestImpl {
 
         // if it's clean then remove coloring
         new ClearColorModelCommand(part).execute();
-      }       
+      }
     }
 
-    
     // Color with overlays
     for (String overlayId : overlayIdsList) {
       Layout overlay = layoutService.getLayoutById(Integer.parseInt(overlayId.trim()));
@@ -367,6 +367,9 @@ public class ModelRestImpl extends BaseRestImpl {
     }
 
     ImageGenerators imageGenerator = new ImageGenerators();
+    if (!imageGenerator.isValidClassName(handlerClass)) {
+      throw new QueryException("Invalid handlerClass");
+    }
     String extension = imageGenerator.getExtension(handlerClass);
     File file = File.createTempFile("map", "." + extension);
 
diff --git a/web/src/test/java/lcsb/mapviewer/web/ControllerIntegrationTest.java b/web/src/test/java/lcsb/mapviewer/web/ControllerIntegrationTest.java
index a966faf2a7827e9f55639b9c5e795086661d8dc9..3983113dc8a4d9a79f3d97abb9a21e439bbf5d3f 100644
--- a/web/src/test/java/lcsb/mapviewer/web/ControllerIntegrationTest.java
+++ b/web/src/test/java/lcsb/mapviewer/web/ControllerIntegrationTest.java
@@ -179,6 +179,7 @@ abstract public class ControllerIntegrationTest {
   protected Project createProject(String projectId) {
     Project project = new Project(projectId);
     ModelData map = new ModelData();
+    map.setTileSize(256);
     map.setWidth(100);
     map.setHeight(100);
 
@@ -187,6 +188,10 @@ abstract public class ControllerIntegrationTest {
     reaction.setLine(new PolylineData(new Point2D.Double(0, 0), new Point2D.Double(10, 0)));
     map.addReaction(reaction);
     Element element = new GenericProtein("p1");
+    element.setWidth(100.0);
+    element.setHeight(20.0);
+    element.setX(10);
+    element.setX(20);
     element.setZ(2);
     map.addElement(element);
 
diff --git a/web/src/test/java/lcsb/mapviewer/web/MapControllerIntegrationTest.java b/web/src/test/java/lcsb/mapviewer/web/MapControllerIntegrationTest.java
index d6bb18f9fe88cb9265ff4c7adfdf5fe505da8353..133e6f25fe345138abad4dd6a102850b72cccf5b 100644
--- a/web/src/test/java/lcsb/mapviewer/web/MapControllerIntegrationTest.java
+++ b/web/src/test/java/lcsb/mapviewer/web/MapControllerIntegrationTest.java
@@ -3,6 +3,7 @@ package lcsb.mapviewer.web;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.patch;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 import org.apache.logging.log4j.LogManager;
@@ -20,6 +21,8 @@ import org.springframework.transaction.annotation.Transactional;
 import com.google.gson.JsonParser;
 
 import lcsb.mapviewer.common.Configuration;
+import lcsb.mapviewer.converter.graphics.PngImageGenerator;
+import lcsb.mapviewer.converter.model.celldesigner.CellDesignerXmlParser;
 import lcsb.mapviewer.model.Project;
 import lcsb.mapviewer.model.map.model.ModelData;
 import lcsb.mapviewer.model.security.PrivilegeType;
@@ -81,7 +84,7 @@ public class MapControllerIntegrationTest extends ControllerIntegrationTest {
   public void testGetAllElementsForUndefinedProject() throws Exception {
     MockHttpSession session = createSession(ControllerIntegrationTest.BUILT_IN_TEST_ADMIN_LOGIN,
         ControllerIntegrationTest.BUILT_IN_TEST_ADMIN_PASSWORD);
-    
+
     RequestBuilder request = get("/projects/*/models/*/bioEntities/elements/")
         .contentType(MediaType.APPLICATION_FORM_URLENCODED)
         .session(session);
@@ -171,7 +174,6 @@ public class MapControllerIntegrationTest extends ControllerIntegrationTest {
     MockHttpSession session = createSession(ControllerIntegrationTest.BUILT_IN_TEST_ADMIN_LOGIN,
         ControllerIntegrationTest.BUILT_IN_TEST_ADMIN_PASSWORD);
 
-
     RequestBuilder request = get(
         "/projects/*/models/*/bioEntities/suggestedQueryList")
             .contentType(MediaType.APPLICATION_FORM_URLENCODED)
@@ -199,4 +201,103 @@ public class MapControllerIntegrationTest extends ControllerIntegrationTest {
     assertEquals((int) map.getId(), mapId);
   }
 
+  @Test
+  public void testGetMapByIdWithUndefinedProject() throws Exception {
+    MockHttpSession session = createSession(ControllerIntegrationTest.BUILT_IN_TEST_ADMIN_LOGIN,
+        ControllerIntegrationTest.BUILT_IN_TEST_ADMIN_PASSWORD);
+
+    RequestBuilder request = get("/projects/*/models/" + map.getId())
+        .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+        .session(session);
+
+    mockMvc.perform(request)
+        .andExpect(status().isNotFound());
+  }
+
+  @Test
+  public void testGetMapsWithUndefinedProject() throws Exception {
+    MockHttpSession session = createSession(ControllerIntegrationTest.BUILT_IN_TEST_ADMIN_LOGIN,
+        ControllerIntegrationTest.BUILT_IN_TEST_ADMIN_PASSWORD);
+
+    RequestBuilder request = get("/projects/*/models/")
+        .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+        .session(session);
+
+    mockMvc.perform(request)
+        .andExpect(status().isNotFound());
+  }
+
+  @Test
+  public void testUpdateMapWithUndefinedProject() throws Exception {
+    MockHttpSession session = createSession(ControllerIntegrationTest.BUILT_IN_TEST_ADMIN_LOGIN,
+        ControllerIntegrationTest.BUILT_IN_TEST_ADMIN_PASSWORD);
+
+    String content = "{}";
+
+    RequestBuilder request = patch("/projects/*/models/" + map.getId())
+        .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+        .session(session)
+        .content(content);
+
+    mockMvc.perform(request)
+        .andExpect(status().isNotFound());
+  }
+
+  @Test
+  public void testDownloadImage() throws Exception {
+    MockHttpSession session = createSession(ControllerIntegrationTest.BUILT_IN_TEST_ADMIN_LOGIN,
+        ControllerIntegrationTest.BUILT_IN_TEST_ADMIN_PASSWORD);
+
+    RequestBuilder request = get("/projects/" + TEST_PROJECT + "/models/" + map.getId() + ":downloadImage?" +
+        "handlerClass=" + PngImageGenerator.class.getCanonicalName())
+            .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+            .session(session);
+
+    mockMvc.perform(request)
+        .andExpect(status().is2xxSuccessful());
+  }
+
+  @Test
+  public void testDownloadImageWithUndefinedProject() throws Exception {
+    MockHttpSession session = createSession(ControllerIntegrationTest.BUILT_IN_TEST_ADMIN_LOGIN,
+        ControllerIntegrationTest.BUILT_IN_TEST_ADMIN_PASSWORD);
+
+    RequestBuilder request = get("/projects/*/models/" + map.getId() + ":downloadImage?" +
+        "handlerClass=" + PngImageGenerator.class.getCanonicalName())
+            .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+            .session(session);
+
+    mockMvc.perform(request)
+        .andExpect(status().isNotFound());
+  }
+
+  @Test
+  public void testDownloadModel() throws Exception {
+    MockHttpSession session = createSession(ControllerIntegrationTest.BUILT_IN_TEST_ADMIN_LOGIN,
+        ControllerIntegrationTest.BUILT_IN_TEST_ADMIN_PASSWORD);
+
+    RequestBuilder request = get("/projects/" + TEST_PROJECT + "/models/" + map.getId() + ":downloadModel?" +
+        "handlerClass=" + CellDesignerXmlParser.class.getCanonicalName())
+            .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+            .session(session);
+
+    mockMvc.perform(request)
+        .andExpect(status().is2xxSuccessful());
+  }
+
+  @Test
+  public void testDownloadModelWithUndefinedProject() throws Exception {
+    MockHttpSession session = createSession(ControllerIntegrationTest.BUILT_IN_TEST_ADMIN_LOGIN,
+        ControllerIntegrationTest.BUILT_IN_TEST_ADMIN_PASSWORD);
+
+    RequestBuilder request = get("/projects/*/models/" + map.getId() + ":downloadModel?" +
+        "handlerClass=" + CellDesignerXmlParser.class.getCanonicalName())
+            .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+            .session(session);
+
+    mockMvc.perform(request)
+        .andExpect(status().isNotFound());
+  }
+
+
 }