How to store a BLOB and authenticate users to download it?

I am writing a simple plugin that generates a special purpose Powerpoint presentation from an existing Confluence page.

The file needs to be (1) generated upon the user clicking a button, (2) stored somewhere temporarily and (3) be offered to the (authenticated) user to download by an “open/dowload file” prompt.

The user interface part (1) is working as expected, but I am stuck in (2)nd and (3)rd part. Currently I am storing the file in the local plugin directory by most basic means:

File file = new File("export.pptx");
// ... Open stream, write to file and close stream

But I am aware that this is far from being the best practice. Where should I store these generated files instead? How can I authenticate the user who clicked the button to access this file, get a Uniform Resource Identifier belonging to the file so that I can redirect the user to this address and pop up the “open/download file” prompt?

By examining other plugins, I’ve concluded that I am probably going to need to use the GateKeeper interface, but there are unfortunately no tutorials about using it. Therefore, a most basic functional code example would be highly appreciated.

Hi @arinmirza,

(2): From the scenario you describe, I’m assuming you don’t need to keep the file around once the user downloaded it. Now, if the file is small enough and doesn’t need to be kept, I would suggest you don’t store it on the file system at all, but rather keep it in memory.
If it’s too large for that or if you expect your customers to do this a lot, then you might run out of memory, which would be bad. In that case you could look at creating a temp file in the confluence local home (bootstrapManager.getLocalHome()) which should have a temp directory. Might also be the shared home though, not exactly sure.

(3): Depending on whether you use a servlet or a JAX-RS class for that, you can always get the corresponding HttpServletRequest:

	public Response getSomething(@Context HttpServletRequest request) {

		UserProfile userProfile = userManager.getRemoteUser(request);


	public void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		UserProfile userProfile = userManager.getRemoteUser(request);

… and with that request and the UserManager that you can have injected, you can get the user profile. So now you only need to store who made the request and check against that when the user downloads the file.

Does that help?