bastianneu bastianneu - 2 days ago 4
Java Question

Best practice to store temporary data for a webapp

My newest project is able to generate documents with information from a database.

So I copy the document template on demand to a temporary folder for a user and modify it. I do this because every template must be available during modification.

Afterwards the user is awarded with his document via a download link from my webapp.

My question: Is there a best practice for storing webapp data ? I thought temp would be nice for it. But since I have to delete the data myself I thought of placing it besides my WAR folder in the tomcat webapp folder.

I use Windows 2003 as a host system with Tomcat. I use Grails, Java and Maven for my project...don't know if this information is needed.

Edit:

Main reason why I ask this trivial question is...if I take care of creating/deleting my temporary data...is it still a good practice to use temp folder on the system?
I am not sure about this...

Answer

When storing (sensitive) user-specific files in webapp, ensure that you store it somewhere in /WEB-INF and access them with a Servlet which (indirectly) checks the logged in user, otherwise it's accessible for any user/hacker on the world wide web. The advantage is that it's easily accessible programmatically by ServletContext#getResource() or #getRealPath(). The disadvantage is that they will get lost whenever you redeploy the webapp.

You can also store them in the default temporary folder. The advantage is that it is accessible by standard API's like File#createTempFile() or System.getProperty("java.io.tmpdir"). The temporary folder has the disadvantage that OS-controlled folder cleanup is not controllable from Java, so you may risk the stuff getting lost whenever you close the resource but still need it later.

You can also store them in a fixed folder outside the webapp. It has the advantage that the stuff don't get lost whenever you redeploy the webapp. The disadvantage is that you need to create the folder yourself with sufficient OS rights, which may not be applicable in 3rd party hosts.

Cleaning your own temporary resources certainly belongs to the tasks you need to do yourself. I wouldn't consider it as a concern.

Just outweigh the advantages/disadvantages.

Comments