Paul Clapham: Hello Paul, and thanks for your answer. I'm sorry, but forgot to answer to your message. My situation is exactly like the one which you described there: there are some rare cases that escape to my (immediate) control, in which some temporary files remain accidentally. Specially when such files are linked in some way to the user session, and it expires. Just as you mention, it's not very common that it happens, but I thought that it could be exploited maliciously and wanted to prevent it.
Solution: This is what I've done finally:
1. Just after creating the temporary file, I call the method "deleteOnExit ()". In my case it's almost useless, but at least I make sure that stopping the JVM (in the right manner) will delete every temporary file.
2. Wherever it's possible, I call the method "delete ()" manually. I've implemented cleaning methods in my classes for this task. There is not anything special about this.
3. Since the session may expire and certain temporary files are contained into it, as attributes, I've taken advantage of the javax.servlet.http.HttpSessionAttributeListener interface to make a wrapper class which detects when these files are attached and removed to/from the session. I've checked that this event is also triggered when the session expires, so it's perfect for this purpose. This is just what I needed
.