Platform Explorer / server 10.10

Extension point policies

Extension point to register custom security policies or override existing policies.

Policies are checked in the order they are defined. They can grant or deny access, in case following policies - as well as the default security check relying on the acp set on the document - will be ignored. They can also return an undefined access, in case following policy checks will continue.

Example to define a custom policy :

    <policy class="org.nuxeo.ecm.core.security.LockSecurityPolicy"
        name="lock" order="10"/>

The class used has to implement the org.nuxeo.ecm.core.security.SecurityPolicy interface.

It is later possible to override that definition in another contribution to that extension-point to disable or override a policy:

    <policy enabled="false" name="lock"/>
    <policy class="org.nuxeo.ecm.core.security.LockSecurityPolicy"
        name="lock" order="20"/>

Contribution Descriptor

Existing Contributions

  • nuxeo-platform-mail-core-10.10.jar /OSGI-INF/security-policy-contrib.xml
    <extension point="policies" target="org.nuxeo.ecm.core.security.SecurityService">
        <policy class="org.nuxeo.ecm.platform.mail.security.MailMessageSecurityPolicy" name="MailMessage"/>
      </extension>
  • nuxeo-core-10.10.jar /OSGI-INF/security-policy-contrib.xml
    <extension point="policies" target="org.nuxeo.ecm.core.security.SecurityService">
    
        <documentation>
          The lock security policy checks if a lock is set on the document, in case
          it denies write access to everyone except to the user who locked it.
        </documentation>
        <policy class="org.nuxeo.ecm.core.security.LockSecurityPolicy" name="lock" order="10"/>
    
      </extension>