Platform Explorer / Nuxeo Platform 2023.23

Extension point policies

Documentation

Extension point to register custom security policies or override existing policies.

Policies are checked in the order they are defined. They can grant or deny access, in case following policies - as well as the default security check relying on the acp set on the document - will be ignored. They can also return an undefined access, in case following policy checks will continue.

Example to define a custom policy :

    <policy class="org.nuxeo.ecm.core.security.LockSecurityPolicy"
        name="lock" order="10"/>

The class used has to implement the org.nuxeo.ecm.core.security.SecurityPolicy interface.

It is later possible to override that definition in another contribution to that extension-point to disable or override a policy:

    <policy enabled="false" name="lock"/>
    <policy class="org.nuxeo.ecm.core.security.LockSecurityPolicy"
        name="lock" order="20"/>

Contribution Descriptors

  • Class: org.nuxeo.ecm.core.security.SecurityPolicyDescriptor

Existing Contributions

Contributions are presented in the same order as the registration order on this extension point. This order is displayed before the contribution name, in brackets.

  • nuxeo-core-2023.23.15.jar /OSGI-INF/security-policy-contrib.xml
    <extension point="policies" target="org.nuxeo.ecm.core.security.SecurityService">
    
        <documentation>
          The lock security policy checks if a lock is set on the document, in case
          it denies write access to everyone except to the user who locked it.
        </documentation>
        <policy class="org.nuxeo.ecm.core.security.LockSecurityPolicy" name="lock" order="10"/>
    
      </extension>
  • nuxeo-core-2023.23.15.jar /OSGI-INF/retention-and-hold-contrib.xml
    <extension point="policies" target="org.nuxeo.ecm.core.security.SecurityService">
        <documentation>
          The retention and hold security policy prevents deletion of a document
          when it is under retention or has a legal hold.
        </documentation>
        <policy class="org.nuxeo.ecm.core.security.RetentionAndHoldSecurityPolicy" name="retentionAndHold" order="1"/>
      </extension>
  • nuxeo-platform-mail-2023.23.15.jar /OSGI-INF/security-policy-contrib.xml
    <extension point="policies" target="org.nuxeo.ecm.core.security.SecurityService">
        <policy class="org.nuxeo.ecm.platform.mail.security.MailMessageSecurityPolicy" name="MailMessage"/>
      </extension>