Best practice to store temporary data for a webapp

bastianneu · Dec 28, 2009 · Viewed 39.7k times

My newest project is able to generate documents with information from a database.

So I copy the document template on demand to a temporary folder for a user and modify it. I do this because every template must be available during modification.

Afterwards the user is awarded with his document via a download link from my webapp.

My question: Is there a best practice for storing webapp data? I thought temp would be nice for it. But since I have to delete the data myself I thought of placing it beside my WAR folder in the Tomcat webapp folder.

I use Windows 2003 as a host system with Tomcat. I use Grails, Java and Maven for my project...don't know if this information is needed.

Edit:
Main reason why I ask this trivial question is...if I take care of creating/deleting my temporary data...is it still a good practice to use the temp folder on the system? I am not sure about this...

Answer

BalusC · Dec 28, 2009

When storing (sensitive) user-specific files in the webapp, ensure that you store them somewhere in /WEB-INF and access them with a Servlet which (indirectly) checks the logged-in user, otherwise they're accessible to any user/hacker on the world wide web. The advantage is that they're easily accessible programmatically by ServletContext#getResource() or #getRealPath(). The disadvantage is that they will get lost whenever you redeploy the webapp.

You can also store them in the default temporary folder. The advantage is that it is accessible by standard APIs like File#createTempFile() or System.getProperty("java.io.tmpdir"). The temporary folder has the disadvantage that OS-controlled folder cleanup is not controllable from Java, so you may risk the stuff getting lost whenever you close the resource but still need it later.

You can also store them in a fixed folder outside the webapp. It has the advantage that the stuff doesn't get lost whenever you redeploy the webapp. The disadvantage is that you need to create the folder yourself with sufficient OS rights, which may not be applicable in 3rd party hosts.

Cleaning your own temporary resources certainly belongs to the tasks you need to do yourself. I wouldn't consider it as a concern.

Just weigh the advantages/disadvantages.
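
One way to implement the "Servlet which checks the logged-in user" idea from the answer above, as an added example that is not part of the original answer. It assumes the javax.servlet API, container-managed authentication, and a hypothetical per-user folder layout and `name` request parameter; the class name, folder name and patterns are illustrative.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: hands a generated document only to the user it was generated for.
public class UserDocumentServlet extends HttpServlet {

    // Assumption: documents live outside the web root, one subfolder per user name.
    private static final Path BASE =
            Paths.get(System.getProperty("java.io.tmpdir"), "generated-docs");

    // Resolves <base>/<user>/<fileName>; returns null for anything that could
    // leave the user's own folder ("..", absolute paths, separators).
    static Path resolveForUser(Path base, String user, String fileName) {
        if (user == null || !user.matches("[A-Za-z0-9_-]{1,64}")) return null;
        if (fileName == null || !fileName.matches("[A-Za-z0-9._-]{1,128}")) return null;
        Path userDir = base.resolve(user).normalize();
        Path target = userDir.resolve(fileName).normalize();
        // Second line of defence: the normalized path must stay below userDir.
        return target.startsWith(userDir) && !target.equals(userDir) ? target : null;
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // getRemoteUser() is null unless the container authenticated the request.
        String user = req.getRemoteUser();
        if (user == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        Path file = resolveForUser(BASE, user, req.getParameter("name"));
        // Same 404 for "invalid name" and "no such file", so the response does not
        // reveal which names exist; symlinks are not followed.
        if (file == null || !Files.isRegularFile(file, LinkOption.NOFOLLOW_LINKS)) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        resp.setContentType("application/octet-stream");
        // Safe to embed: the name was restricted to [A-Za-z0-9._-] above.
        resp.setHeader("Content-Disposition",
                "attachment; filename=\"" + file.getFileName() + "\"");
        Files.copy(file, resp.getOutputStream());
    }
}
```

The user folder is derived from the authenticated session, never from a request parameter, so one user cannot request another user's document by changing the URL.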