Class Introspection

java.lang.Object
graphql.introspection.Introspection

@PublicApi public class Introspection extends Object
GraphQl has a unique capability called Introspection that allow consumers to inspect the system and discover the fields and types available and makes the system self documented.

Some security recommendations such as OWASP recommend that introspection be disabled in production. The enabledJvmWide(boolean) method can be used to disable introspection for the whole JVM or you can place INTROSPECTION_DISABLED into the GraphQLContext of a request to disable introspection for that request.

  • Field Details

  • Constructor Details

    • Introspection

      public Introspection()
  • Method Details

    • enabledJvmWide

      public static boolean enabledJvmWide(boolean enabled)
      This static method will enable / disable Introspection at a JVM wide level.
      Parameters:
      enabled - the flag indicating the desired enabled state
      Returns:
      the previous state of enablement
    • isEnabledJvmWide

      public static boolean isEnabledJvmWide()
      Returns:
      true if Introspection is enabled at a JVM wide level or false otherwise
    • isIntrospectionSensible

      public static Optional<ExecutionResult> isIntrospectionSensible(MergedSelectionSet mergedSelectionSet, ExecutionContext executionContext)
      This will look in to the field selection set and see if there are introspection fields, and if there is,it checks if introspection should run, and if not it will return an errored ExecutionResult that can be returned to the user.
      Parameters:
      mergedSelectionSet - the fields to be executed
      executionContext - the execution context in play
      Returns:
      an optional error result
    • mkDisabledError

      @NotNull private static @NotNull Optional<ExecutionResult> mkDisabledError(MergedField schemaField)
    • isIntrospectionEnabled

      private static boolean isIntrospectionEnabled(GraphQLContext graphQlContext)
    • register

      private static void register(GraphQLFieldsContainer parentType, String fieldName, IntrospectionDataFetcher<?> introspectionDataFetcher)
    • register

      private static <T> void register(GraphQLFieldsContainer parentType, String fieldName, Class<T> targetClass, Function<T,Object> getter)
      To help runtimes such as graalvm, we make sure we have an explicit data fetchers rather then use PropertyDataFetcher and its reflective mechanisms. This is not reflective because we have the class
      Type Parameters:
      T - for two
      Parameters:
      parentType - the containing parent type
      fieldName - the field name
      targetClass - the target class of the getter
      getter - the function to call to get a value of T
    • addCodeForIntrospectionTypes

      public static void addCodeForIntrospectionTypes(GraphQLCodeRegistry.Builder codeRegistry)
    • printDefaultValue

      private static String printDefaultValue(InputValueWithState inputValueWithState, GraphQLInputType type, GraphQLContext graphQLContext, Locale locale)
    • buildSchemaField

      public static GraphQLFieldDefinition buildSchemaField(GraphQLObjectType introspectionSchemaType)
    • buildTypeField

      public static GraphQLFieldDefinition buildTypeField(GraphQLObjectType introspectionSchemaType)
    • isIntrospectionTypes

      public static boolean isIntrospectionTypes(GraphQLNamedType type)
    • getFieldDef

      public static GraphQLFieldDefinition getFieldDef(GraphQLSchema schema, GraphQLCompositeType parentType, String fieldName)
      This will look up a field definition by name, and understand that fields like __typename and __schema are special and take precedence in field resolution
      Parameters:
      schema - the schema to use
      parentType - the type of the parent object
      fieldName - the field to look up
      Returns:
      a field definition otherwise throws an assertion exception if it's null