Platform Explorer / Nuxeo Platform LTS 2019 10.10

Extension point policies

Extension point to register custom security policies or override existing policies.

Policies are checked in the order they are defined. They can grant or deny access, in case following policies - as well as the default security check relying on the acp set on the document - will be ignored. They can also return an undefined access, in case following policy checks will continue.

Example to define a custom policy :

    <policy class=""
        name="lock" order="10"/>

The class used has to implement the interface.

It is later possible to override that definition in another contribution to that extension-point to disable or override a policy:

    <policy enabled="false" name="lock"/>
    <policy class=""
        name="lock" order="20"/>

Contribution Descriptor

Existing Contributions

  • nuxeo-core-10.10.jar /OSGI-INF/security-policy-contrib.xml
    <extension point="policies" target="">
          The lock security policy checks if a lock is set on the document, in case
          it denies write access to everyone except to the user who locked it.
        <policy class="" name="lock" order="10"/>
  • nuxeo-platform-mail-core-10.10.jar /OSGI-INF/security-policy-contrib.xml
    <extension point="policies" target="">
        <policy class="" name="MailMessage"/>