I have a simple web application which lets the user upload local user data and then they can generate HTML reports from that uploaded data. Once the HTML is generated, I display a link to the report which they can click on to view in their browser or they can share the link with others.

The problem is that I am currently putting the “/Upload” folder in the “WEB-INF” folder because I don’t want that folder data accessible to the outside world. I am then putting the “Reports” folder in the root directory of the web application. This work fine in that I can deploy the WAR file to the their server, the user can upload the files, and then request for HTML reports to be generated. The problem is that when I send them software updates in the WAR file it deletes everyone in the /MyWebApp directory including the /Upload and /Reports folder. So then the user has to re-upload the data and they loose any of their existing reports in the “/Reports” folder.

Now I did find an answer for the /Upload folder on StackOverflow with this discussion.
Where can I put an uploading folder so that when I deploy/undeploy the site in Tomcat that folder won’t be affected

But I still don’t know where to put my “/Reports” folder? I thought I would have to put it in the web application context directory as I am doing now in order for the Tomcat server to serve it up as a link (e.g.: http://example.com/MyWebApp/Reports/report01.html).

The other thing to note is that this application is running on Apache Tomcat only, I don’t have the request going through an Apache server. We decided to just have it running on the users local server with Tomcat because it seems easier to deploy then trying to deploy and configure both to work together. Also, there are only 2-3 people using this application per server site and with that load Tomcat seems to be doing a great job handling everything on its own. So maybe that is making the solution more difficult?

Any hep with best practices for this would be greatly appreciated.