File Download Security Policies | Nuxeo Documentation

Documentation

• Docs Home
• Getting Started
• Server
• Nuxeo Cloud
• Web UI
• Digital Asset Management
• Client Applications
• Addons
• Client SDKs
• Studio
• Tools for the Nuxeo Platform

What's New

• May 20, 2021 Nuxeo Design Guidelines Read More
• May 20, 2021 Supported File Formats Read More
• May 20, 2021 Contribute Picture Conversions Read More
• May 20, 2021 Quickstart with Nuxeo Platform and Docker Read More

• Server
• Installation
• Compatibility Matrix
• Install Nuxeo with the Docker Image
• Quickstart with Nuxeo Platform and Docker
• Build a Custom Docker Image
• Install Nuxeo With the ZIP Distribution
• Installing and Setting Up Related Software
• Server Start and Stop
• Linux Tutorials
• Configuring the Nuxeo Platform as a Daemon with SysVinit
• Configuring the Nuxeo Platform as a Daemon with Systemd
• Windows Tutorials
• Installing the Nuxeo Platform as a Windows Service
• Running Multiple Server Instances in Windows
• Install in Kubernetes With Nuxeo Helm Chart
• Nuxeo Cluster Architecture
• Nuxeo Architecture Introduction
• Nuxeo Architecture Components
• Load Balancers
• Reverse Proxy
• Nuxeo Server
• File Storage
• Data Storage
• Search Engines
• Messaging system
• PubSub Service
• Nuxeo Reference Architectures
• Compact Architecture with Kafka
• Distributed Architecture with Kafka
• Nuxeo Scalability Options
• nuxeoctl and Control Panel Usage
• Registering your Nuxeo Instance
• Nuxeo Storage Alternatives
• How to Estimate Volume Usage
• Platform as a Service
• Administration
• Configuration Parameters Index (nuxeo.conf)
• Configuration Templates
• Maintenance
• Backup and Restore
• Purging Audit Logs (NXP_LOGS)
• Counting Documents
• Garbage-Collecting Orphaned Blobs
• Garbage-Collecting Orphaned Binaries (deprecated)
• Nuxeo Admin Console
• Admin Console Release Notes
• Version 25.0.7
• Streams feature
• Reporting Problems
• Hotfixes Installation Notes
• JSF UI Admin Tab Overview
• Monitoring and Observability
• Health Check
• Logs
• Metrics
• Tracing
• Profiling
• Sensitive Configuration Data Encryption
• Performances
• Managing Performance
• Tracking the Performance of the Nuxeo Platform
• Security Recommendations
• Setup Best Practices
• HTTP and HTTPS Reverse-Proxy Configuration
• Internet Information Services (IIS)
• File Storage Configuration
• Database Configuration
• MongoDB
• PostgreSQL
• MySQL
• MariaDB
• Oracle
• Microsoft SQL Server
• Connecting Nuxeo to the Database
• H2 Limitations
• Search Setup
• Kafka
• Multiple Repositories Configuration
• Implementing Encryption
• Trust Store and Key Store Configuration
• Set Up Email Notification
• WorkManager Dead Letter Queue (DLQ)
• Repository Configuration
• Ports Usage and Firewall Considerations
• VCS Read ACLs
• JDBC Datasource
• Nuxeo Shell
• Nuxeo Shell Command Index
• Built-in Commands
• Filesystem Commands
• Nuxeo Server Commands
• Nuxeo Automation Commands
• Configuration Commands
• Nuxeo Shell Batch Mode
• Extending The Shell
• Shell Features
• Shell Commands
• Shell Namespaces
• Shell Documentation
• HOWTO: Change Context Path
• HOWTO: Clean Up Content
• HOWTO: Autoscale Worker Nodes
• Upgrade
• Upgrade from LTS 2023 to LTS 2025
• How to upgrade to LTS 2025.0
• How to upgrade to Jakarta EE 10
• How to upgrade to Jakarta RS 3 - WebEngine
• How to upgrade to New Search Service
• How to upgrade Nuxeo REST Tests
• How to upgrade Nuxeo Audit Service
• Upgrade from LTS 2021 to LTS 2023
• Upgrade from LTS 2019 to LTS 2021
• Upgrade from LTS 2017 to LTS 2019
• Upgrade from LTS 2017 following Fast Tracks
• Upgrade from LTS 2016 to LTS 2017
• Upgrade from LTS 2016 following Fast Tracks
• Upgrade from LTS 2015 to LTS 2016
• Upgrade from LTS 2015 following Fast Tracks
• Upgrade from 5.8 to 6.0
• Upgrade from 5.6 to 5.8
• Upgrade from 5.3.2 to 5.4.0
• From the old workflow system to the new 5.4 workflow system
• REST API
• REST API Endpoints
• Document Resource Endpoints
• Search Resource Endpoints
• Workflow and Task Resource Endpoints
• Batch Upload Resource Endpoint
• OAuth2 Resource Endpoint
• Command Endpoints
• Filtering Exposed Operations
• Query Endpoint (Deprecated)
• REST API Entity Types
• Special HTTP Headers
• Content Enrichers
• Error Handling
• REST API Web Adapters
• Request Authentication
• Nuxeo API Playground
• Allowed Hosts Configuration
• CMIS
• Cross-Origin Resource Sharing (CORS)
• JSON Marshalling
• Default JSON Marshallers
• Overriding Existing Marshallers
• Creating Your Own Marshaller
• Parameterizing and Reusing Marshallers
• Document JSON and Extended Fields
• Testing JSON Data
• WebDAV
• REST API HOWTOs
• HOWTO: Upload a File in Nuxeo Using REST API
• HOWTO: Contribute to the REST API
• HOWTO: Develop with Angular2
• Authentication and User Management
• Authentication Chain Principles
• Form-Based Authentication
• Basic HTTP Authentication
• Anonymous Authentication
• LDAP and Active Directory
• Generic SSO Authentication
• SSO with Portals
• SAML 2.0 Authentication
• OAuth 2
• Using OpenID / OAuth2 in Login Screen
• Shibboleth Authentication
• Kerberos Authentication
• CAS2 Authentication
• NTLM and IE Challenge/Response
• Nuxeo DuoWeb Two-Factor Authentication
• Authentication and User Management Tutorials
• How to Add Custom LDAP Fields to the UI
• How to Define Public Pages (Viewable by Anonymous Users)
• HOWTO: Add New Fields to the User or Group Schema
• HOWTO: Assign a Task to the User Manager
• How to Configure a Multidirectory for Users and Groups
• HOWTO: Implement Local Groups or Roles Using Computed Groups
• Data Store
• Data Modeling
• Field Constraints and Validation
• Schema Fields
• Versioning
• Available Facets
• Downloading Files
• Audit
• Data Lists and Directories
• Directory and UI
• HOWTO: Add a New Vocabulary
• HOWTO: Translate a Vocabulary
• HOWTO: Configure a New Directory Cache
• HOWTO: Populate a Directory With a CSV File
• Tutorials
• HOWTO: Export Data Using Document Template and Automation
• HOWTO: Define a Document Type
• HOWTO: Override Existing Document Types
• HOWTO: Add Complex Fields on Your Document Type
• HOWTO: Use the Trash Feature
• HOWTO: Enable Addons Features on Custom Document Type
• HOWTO: Customize Document Validation
• Persistence Architecture
• File Storage
• Visible Content Store (VCS)
• Internal VCS Model
• VCS Tables
• Examples of SQL Generated by VCS
• Java Data Structures and Caching
• Performance Recommendations
• Document-Based Storage (DBS)
• DBS Cache
• Indexing and Query
• NXQL
• Full-Text Queries
• Page Providers
• Page Provider Aggregates
• Configuring the Search Mapping
• Search Indexing Logic
• Search Highlights
• Moving Load from Database to Search Engine
• Search Passthrough
• NXQL Hints Cheat Sheet
• HOWTO: Expose OpenSearch/Elasticsearch Hint as Extension Point
• Quick Search
• Indexing and Querying How-To Index
• HOWTO: Fetch Documents with a Query on Date Parameters
• HOWTO: Configure a New Default Search Form in the Search Tab
• Using CMISQL from Java
• HOWTO: Make a Page Provider or Content View Query OpenSearch Index
• HOWTO: Configure a Search Filter With Facets and Other Aggregates
• Security
• ACLs
• Nuxeo Security System
• Security Policy Service
• HOWTO: Grant the Edit Permission without the Remove Permission
• File Download Security Policies
• Events and Messages
• Common Events
• Scheduling Periodic Events
• Nuxeo Stream
• Work and WorkManager
• Bulk Action Framework
• Bulk Actions Directory
• Events and Messages How To Index
• HOWTO: Customize Email Templates
• Platform Services
• Automation
• Content Automation Concepts
• Operations Index
• Automation Chain
• Automation Scripting
• Contributing an Operation
• Use of MVEL in Automation Chains
• Calling Automation from Java
• Calling Automation Using cURL
• Automation Chain Exception
• Debugging Automation Chains
• Automation Tracing
• Contributing New Input-Output Types
• Returning a Custom Result with Automation
• Document Templates and Automation Rendering
• Automation REST Response
• Automation Helpers
• Automation How-To Index
• HOWTO: Manage Relations on a Document
• HOWTO: Create an Automation Chain
• HOWTO: Fetch a Document by Its ID or Path
• HOWTO: Inherit Metadata from a Parent Document
• HOWTO: Quickly Generate a PDF Using Document Template
• HOWTO: Write Reusable Automation Chains
• Workflow
• Useful Definitions
• Workflow Models Packaging
• Runtime Instantiation & Execution Logic
• Workflow Instance Properties
• Workflow Node Properties
• Escalation Service
• About Tasks
• Workflow APIs
• Variables Available in the Automation Context
• Workflow Audit Log
• Workflow Naming Conventions
• Workflow Engine FAQ
• Workflow How-To Index
• HOWTO: Query Workflow Objects
• HOWTO: Modify a Workflow Variable outside of Workflow Context
• HOWTO: Complete a Workflow Task Programmatically
• HOWTO: Set Up a Tasks Dashboard
• HOWTO: Refresh the Task Widget on the Summary Tab
• HOWTO: Display a Button/a Tab Only When a Workflow Is Started
• HOWTO: Set a Default Value on a Date Field of a Task Form
• HOWTO: Programmatically test a workflow
• HOWTO: Add a "Save Work in Progress" Option on a Task
• HOWTO: Follow a Transition If User Is Member of a Group
• HOWTO: Make a Simple Task Assignment to One or Many Users
• Conversion
• HOWTO: Automatically Convert a Document to PDF
• HOWTO: Use PDF conversion operations with Nuxeo Studio
• HOWTO: Contribute a Command Line Converter
• Conversion How-To Index
• File Manager
• HOWTO: Change the Default Document Type When Importing a File in the Nuxeo Platform?
• Import / Export API
• Data Visualization
• Collections
• Preview
• Tagging
• Thumbnail
• Trash Service
• Publisher
• Binary Metadata
• WebEngine (Jakarta-RS)
• Default WebEngine Applications
• Session and Transaction Management
• WebEngine Tutorials
• Hello World
• Using FreeMarker Template Language (FTL)
• Web Object Model
• Working with Documents
• Module Extensibility
• Renditions
• Transient Store
• Comments / Annotations
• Batch Handler
• Runtime and Component Model
• Understanding Bundles Deployment
• Tutorials
• HOWTO: Contribute to an Extension
• HOWTO: Use the Runtime Java API
• HOWTO: Create an Empty Bundle
• HOWTO: Write a Bundle Manifest
• HOWTO: Create a Service
• HOWTO: Define a Runtime XMap Object
• Nuxeo Integration
• Call an External Application From Nuxeo
• Call Nuxeo From an External Application
• Nuxeo Server Tutorials
• Nuxeo Server LTS 2025 Release Notes
• LTS 2025.0 / LTS 2025-HF00
• LTS 2025.1 / LTS 2025-HF01
• LTS 2025.10 / LTS 2025-HF10
• LTS 2025.11 / LTS 2025-HF11
• LTS 2025.2 / LTS 2025-HF02
• LTS 2025.3 / LTS 2025-HF03
• LTS 2025.4 / LTS 2025-HF04
• LTS 2025.5 / LTS 2025-HF05
• LTS 2025.6 / LTS 2025-HF06
• LTS 2025.7 / LTS 2025-HF07
• LTS 2025.8 / LTS 2025-HF08
• LTS 2025.9 / LTS 2025-HF09
• Nuxeo Platform and Data Privacy
• Nuxeo Release Cycle
• Advanced Topics
• Integrating with JPA
• Adding an Antivirus
• Nuxeo Distributions

Home > Server > Data Store > Security > File Download Security Policies Server File Download Security Policies Updated: December 19, 2025

• Version: LTS 2025
  • LTS 2025
  • LTS 2023
  • LTS 2021
  • LTS 2019
  • LTS 2017
  • LTS 2016

Hyland University Watch the related courses on Hyland University

• Video on Setting up a File Download Security Policy. ×

In addition to the permissions applying to a document, which restrict access to a document as a whole, it's possible to specify more fine-grained permissions to disallow the download of some file attachments.

If you are looking to dynamically restrict access to whole documents depending on a set of conditions and not to its attachments only, you should have a look at the Security Policy Service documentation.

File download security policies apply to all blobs in the Platform. Your security filters need to be specific enough in order to avoid possible side-effects. Make sure to use the available variables at your disposal to check you are in the right use case first.

Possible side-effects you may want to check for include:

• Show graph feature in a workflow.
• User suggestion widget, for instance in the admin tab, users & groups menu, when editing the groups a user belongs to.

Download Permissions

To additionally restrict the download of a given blob inside a document, you can contribute to the following extension point:

<extension target="org.nuxeo.ecm.core.io.download.DownloadService" point="permissions"> <permission name="myperm"> <script language="JavaScript"> function run() { if (CurrentUser.getName() != "bob") { return false; } return true; } </script> </permission> </extension>

The above is an example script that will prevent download if the user is not "bob".

The language can be any JVM scripting language, the default is "JavaScript".

The <script> must define a run() function that returns a boolean:

• true means that downloading the blob is not forbidden by this permission (but other permission rules could forbid it),
• false means that downloading the blob is forbidden.

If there are several permissions defined, a single one returning false is sufficient to forbid the blob download.

The run() method will get called with the following global context (some values may be null for non-standard download methods):

• Document (DocumentModel): the document in which the blob is stored. This may be null for dynamically computed dowloads (ZIP exports, EL, Automation results).
• XPath (String): the xpath at which the blob is stored in the document. This may be null if there is no document (see above), or if the blob was not stored in the document but just computed from it (renditions, thumbnail).
• Blob (Blob): the blob itself.
• CurrentUser (NuxeoPrincipal): the current user.
• Reason (String): the download "reason", which gives an indication of the source of the download:
  • download: file downloads from the download servlet, Automation, WebEngine, REST API, Seam or Restlets.
  • picture: downloadPicture codec (the XPath is then one of OriginalJpeg:content, Medium:content, Small:content, Thumbnail:content, etc.).
  • thumbnail: downloadThumbnail codec.
  • workListXML: worklist XML export.
  • pdfConversion: PDF conversion.
  • el: EL-triggered download.
  • operation: Automation operation (WebUI.DownloadFile / Seam.DownloadFile).
  • rendition: rendition.
  • templateRendition: template rendition.
  • webengine: WebEngine JSON responses. Includes Automation and REST API calls.
  • contentDiff: content diff display.
  • tile: image tiling display.
  • preview: preview display restlet.
• Rendition (String): the rendition name, if this is a rendition.
• Infos (Map): the ExtendedInfos map passed internally to the download method.

Example

Here is a more complex (if unrealistic) example that uses most of the available context variables:

<extension target="org.nuxeo.ecm.core.io.download.DownloadService" point="permissions"> <permission name="myperm"> <script> function run() { if (CurrentUser.getName() != "bob") { return false; } if (!CurrentUser.getGroups().contains("members")) { return false; } if (Document.getPropertyValue("dc:format") != "pdf") { return false; } if (Reason != "rendition") { return false; } if (Rendition != "myrendition") { return false; } if (Blob.getFilename() != "myfile.txt") { return false; } if (XPath == "file:content" || XPath == "blobholder:0") { return false; } return true; } </script> </permission> </extension>

Debugging

If you launched your Nuxeo instance in console mode (./nuxeoctl console), you can print output to the terminal for easier debugging. For instance, getting the available variables is done as following:

<extension target="org.nuxeo.ecm.core.io.download.DownloadService" point="permissions"> <permission name="myperm"> <script language="JavaScript"> function run() { print("doc " + (Document == null ? "null" : Document.getId())); print("filename " + (Blob == null ? "null" : Blob.getFilename())); print("xpath " + XPath); print("user " + CurrentUser.getName()); print("reason " + Reason); print("rendition " + Rendition); return true; } </script> </permission> </extension> On this page

• Download Permissions
• Example
• Debugging

• Documentation versions
• LTS 2025
• LTS 2023
• LTS 2021
• LTS 2019
• LTS 2017
• LTS 2016