wood burning stoves 2.0*
The moose likes Servlets and the fly likes Best Practices: Downloading Binaries in a Servlet Application Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Best Practices: Downloading Binaries in a Servlet Application" Watch "Best Practices: Downloading Binaries in a Servlet Application" New topic
Author

Best Practices: Downloading Binaries in a Servlet Application

B Morgan
Greenhorn

Joined: Sep 28, 2009
Posts: 2
Greetings

I'm looking for advice on the most professional way to incorporate the ability to download binary files from a J2EE web application. In such an application there would be the following requirements: 1) A client of the application must authenticate before being allowed to download anything, 2) the binary files would preferably be located external to the web application directory

In general, I know that I can store the binary files inside of the web application directory and link to the files directly. I could put them in a directory that is protected by a security-constraint in the descriptor file, satisfying requirement 1 but then the web archive would grow with the number and size of the binary files I'm storing. That I don't want. Hence, requirement 2. I could copy the binaries into the web application structure after it has been deployed but that sounds clumsy and not optimal.

In addition to the binary file itself, the web application would also present the client with a view that shows some information about the file like date, size, and description. I know how to store this data in a database along with the binary file in a BLOB column. I could satisfy requirements 1 and 2 using this approach but I don't want the database to bloat considering that I plan to have hundreds or even thousands of MB's worth of binary files. I've also read that this approach wouldn't be a good idea performance-wise.

So I'm open to suggestions as to the best way to handle this problem. Any help would be appreciated.

If it helps, my applications will be deployed using Tomcat 6 and I'm using a Linux server.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60752
    
  65

I would not put the files anywhere within the web app, either before or after the fact. That makes re-deploying and upgrading the app a nightmare. Keep them externally located.

Use a servlet that read the files and streams them as the response.

Authentication depends on how your app is authenticating. I never use container-managed authentication as I find it way too limiting.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
B Morgan
Greenhorn

Joined: Sep 28, 2009
Posts: 2
Mr. Bibeault

Thank you for your advice. In terms of storing the binary files externally, would you advise for or against storing them in a database? If there is a better alternative to storing them in a database, please advise. Thank you.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60752
    
  65

Storing them in a DB means that you need to hit the DB every time the file is downloaded. So that's a question for your DB admin.
Stefan Evans
Bartender

Joined: Jul 06, 2005
Posts: 1016
I would also vote for store the files outside of the web application, and also database.
You can still use a database to maintain the index of files and related information (security?) but it is much easier when the actual file resides on a physical disk.

As for controlling access, if you insist that all access to the files goes through a single point (your file download servlet) then thats the obvious place to put your security. You can then limit explicitly which files can be accessed via code.

William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12759
    
    5
Another point about big file downloading - if it becomes a load on your server bandwidth you can shift them to the cloud.

In this example, the big JPG is being served from Amazon's S3service. You can also control access as explained on that page.

Bill
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Best Practices: Downloading Binaries in a Servlet Application
 
Similar Threads
Test 252: Mock exam
To store files/images in a database or not
Applet for Mass File Upload
Store Files on a Server
Unable to view uploaded files in Tomcat till server is refreshed