Package graphql.introspection
Class Introspection
java.lang.Object
graphql.introspection.Introspection
GraphQl has a unique capability called Introspection that allow
consumers to inspect the system and discover the fields and types available and makes the system self documented.
Some security recommendations such as OWASP
recommend that introspection be disabled in production. The enabledJvmWide(boolean)
method can be used to disable
introspection for the whole JVM or you can place INTROSPECTION_DISABLED
into the GraphQLContext
of a request
to disable introspection for that request.
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic enum
static enum
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final GraphQLObjectType
static final GraphQLEnumType
static final GraphQLObjectType
static final GraphQLObjectType
static final GraphQLObjectType
static final GraphQLObjectType
static final GraphQLObjectType
static final GraphQLEnumType
private static final IntrospectionDataFetcher
<?> private static final IntrospectionDataFetcher
<?> private static final IntrospectionDataFetcher
<?> private static final IntrospectionDataFetcher
<?> private static final IntrospectionDataFetcher
<?> static final String
Placing a boolean value under this key in the per requestGraphQLContext
will enable or disable Introspection on that request.private static final AtomicBoolean
private static final Map
<FieldCoordinates, IntrospectionDataFetcher<?>> private static final IntrospectionDataFetcher
<?> private static final IntrospectionDataFetcher
<?> private static final IntrospectionDataFetcher
<?> private static final IntrospectionDataFetcher
<?> private static final IntrospectionDataFetcher
<?> static final GraphQLFieldDefinition
static final IntrospectionDataFetcher
<?> private static final IntrospectionDataFetcher
<?> static final GraphQLFieldDefinition
static final IntrospectionDataFetcher
<?> static final GraphQLFieldDefinition
static final IntrospectionDataFetcher
<?> -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionstatic void
addCodeForIntrospectionTypes
(GraphQLCodeRegistry.Builder codeRegistry) static GraphQLFieldDefinition
buildSchemaField
(GraphQLObjectType introspectionSchemaType) static GraphQLFieldDefinition
buildTypeField
(GraphQLObjectType introspectionSchemaType) static boolean
enabledJvmWide
(boolean enabled) This static method will enable / disable Introspection at a JVM wide level.static GraphQLFieldDefinition
getFieldDef
(GraphQLSchema schema, GraphQLCompositeType parentType, String fieldName) This will look up a field definition by name, and understand that fields like __typename and __schema are special and take precedence in field resolutionstatic boolean
private static boolean
isIntrospectionEnabled
(GraphQLContext graphQlContext) static Optional
<ExecutionResult> isIntrospectionSensible
(MergedSelectionSet mergedSelectionSet, ExecutionContext executionContext) This will look in to the field selection set and see if there are introspection fields, and if there is,it checks if introspection should run, and if not it will return an erroredExecutionResult
that can be returned to the user.static boolean
private static @NotNull Optional
<ExecutionResult> mkDisabledError
(MergedField schemaField) private static String
printDefaultValue
(InputValueWithState inputValueWithState, GraphQLInputType type, GraphQLContext graphQLContext, Locale locale) private static void
register
(GraphQLFieldsContainer parentType, String fieldName, IntrospectionDataFetcher<?> introspectionDataFetcher) private static <T> void
register
(GraphQLFieldsContainer parentType, String fieldName, Class<T> targetClass, Function<T, Object> getter) To help runtimes such as graalvm, we make sure we have an explicit data fetchers rather then usePropertyDataFetcher
and its reflective mechanisms.
-
Field Details
-
INTROSPECTION_DISABLED
Placing a boolean value under this key in the per requestGraphQLContext
will enable or disable Introspection on that request.- See Also:
-
INTROSPECTION_ENABLED_STATE
-
introspectionDataFetchers
-
__TypeKind
-
kindDataFetcher
-
nameDataFetcher
-
descriptionDataFetcher
-
__InputValue
-
__Field
-
__EnumValue
-
fieldsFetcher
-
interfacesFetcher
-
possibleTypesFetcher
-
enumValuesTypesFetcher
-
inputFieldsFetcher
-
OfTypeFetcher
-
specifiedByUrlDataFetcher
-
isOneOfFetcher
-
__Type
-
__DirectiveLocation
-
__Directive
-
__Schema
-
SchemaMetaFieldDef
-
TypeMetaFieldDef
-
TypeNameMetaFieldDef
-
INTROSPECTION_SYSTEM_FIELDS
-
SchemaMetaFieldDefDataFetcher
-
TypeMetaFieldDefDataFetcher
-
TypeNameMetaFieldDefDataFetcher
-
introspectionTypes
-
-
Constructor Details
-
Introspection
public Introspection()
-
-
Method Details
-
enabledJvmWide
public static boolean enabledJvmWide(boolean enabled) This static method will enable / disable Introspection at a JVM wide level.- Parameters:
enabled
- the flag indicating the desired enabled state- Returns:
- the previous state of enablement
-
isEnabledJvmWide
public static boolean isEnabledJvmWide()- Returns:
- true if Introspection is enabled at a JVM wide level or false otherwise
-
isIntrospectionSensible
public static Optional<ExecutionResult> isIntrospectionSensible(MergedSelectionSet mergedSelectionSet, ExecutionContext executionContext) This will look in to the field selection set and see if there are introspection fields, and if there is,it checks if introspection should run, and if not it will return an erroredExecutionResult
that can be returned to the user.- Parameters:
mergedSelectionSet
- the fields to be executedexecutionContext
- the execution context in play- Returns:
- an optional error result
-
mkDisabledError
-
isIntrospectionEnabled
-
register
private static void register(GraphQLFieldsContainer parentType, String fieldName, IntrospectionDataFetcher<?> introspectionDataFetcher) -
register
private static <T> void register(GraphQLFieldsContainer parentType, String fieldName, Class<T> targetClass, Function<T, Object> getter) To help runtimes such as graalvm, we make sure we have an explicit data fetchers rather then usePropertyDataFetcher
and its reflective mechanisms. This is not reflective because we have the class- Type Parameters:
T
- for two- Parameters:
parentType
- the containing parent typefieldName
- the field nametargetClass
- the target class of the gettergetter
- the function to call to get a value of T
-
addCodeForIntrospectionTypes
-
printDefaultValue
private static String printDefaultValue(InputValueWithState inputValueWithState, GraphQLInputType type, GraphQLContext graphQLContext, Locale locale) -
buildSchemaField
-
buildTypeField
-
isIntrospectionTypes
-
getFieldDef
public static GraphQLFieldDefinition getFieldDef(GraphQLSchema schema, GraphQLCompositeType parentType, String fieldName) This will look up a field definition by name, and understand that fields like __typename and __schema are special and take precedence in field resolution- Parameters:
schema
- the schema to useparentType
- the type of the parent objectfieldName
- the field to look up- Returns:
- a field definition otherwise throws an assertion exception if it's null
-