Shane,
This is certainly possible and there are lots of different ways to skin this particular cat.
One would be to have a filter that intercepts the request to the base64 encoded identifier and it works out the real resource. It then does an RequestDispatcher.forward to a named dispatcher obtained for "default", which is the jetty default servlet. This way the real path is hidden from the client.
Another way to proceed is to write a servlet that uses the Jetty APIs directly for sending the file efficiently and asynchronously. This may be able to offer you more flexibility.
The decision to use fast memory mapped buffers could depend somewhat if the file is to be served only once or many many times. If it is to be served only once, it may be better to have a large direct buffer that reads/writes the content. Jetty-9 has some APIs to do that with file channels.
However, I still am a bit vague about some of the details of you scheme. What dose the X-Accel-Redirect header do? Is it the client that handles that header? or is it just doing some signalling between the CFML and nginx?