Package graphql.introspection
Class Introspection
- java.lang.Object
-
- graphql.introspection.Introspection
-
@PublicApi public class Introspection extends java.lang.Object
GraphQl has a unique capability called Introspection that allow consumers to inspect the system and discover the fields and types available and makes the system self documented.Some security recommendations such as OWASP recommend that introspection be disabled in production. The
enabledJvmWide(boolean)
method can be used to disable introspection for the whole JVM or you can placeINTROSPECTION_DISABLED
into theGraphQLContext
of a request to disable introspection for that request.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
Introspection.DirectiveLocation
static class
Introspection.TypeKind
-
Field Summary
-
Constructor Summary
Constructors Constructor Description Introspection()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static void
addCodeForIntrospectionTypes(GraphQLCodeRegistry.Builder codeRegistry)
static GraphQLFieldDefinition
buildSchemaField(GraphQLObjectType introspectionSchemaType)
static GraphQLFieldDefinition
buildTypeField(GraphQLObjectType introspectionSchemaType)
static boolean
enabledJvmWide(boolean enabled)
This static method will enable / disable Introspection at a JVM wide level.static GraphQLFieldDefinition
getFieldDef(GraphQLSchema schema, GraphQLCompositeType parentType, java.lang.String fieldName)
This will look up a field definition by name, and understand that fields like __typename and __schema are special and take precedence in field resolutionstatic boolean
isEnabledJvmWide()
private static boolean
isIntrospectionEnabled(GraphQLContext graphQlContext)
static java.util.Optional<ExecutionResult>
isIntrospectionSensible(MergedSelectionSet mergedSelectionSet, ExecutionContext executionContext)
This will look in to the field selection set and see if there are introspection fields, and if there is,it checks if introspection should run, and if not it will return an erroredExecutionResult
that can be returned to the user.static boolean
isIntrospectionTypes(GraphQLNamedType type)
private static @NotNull java.util.Optional<ExecutionResult>
mkDisabledError(MergedField schemaField)
private static java.lang.String
printDefaultValue(InputValueWithState inputValueWithState, GraphQLInputType type, GraphQLContext graphQLContext, java.util.Locale locale)
private static void
register(GraphQLFieldsContainer parentType, java.lang.String fieldName, IntrospectionDataFetcher<?> introspectionDataFetcher)
private static <T> void
register(GraphQLFieldsContainer parentType, java.lang.String fieldName, java.lang.Class<T> targetClass, java.util.function.Function<T,java.lang.Object> getter)
To help runtimes such as graalvm, we make sure we have an explicit data fetchers rather then usePropertyDataFetcher
and its reflective mechanisms.
-
-
-
Field Detail
-
INTROSPECTION_DISABLED
public static final java.lang.String INTROSPECTION_DISABLED
Placing a boolean value under this key in the per requestGraphQLContext
will enable or disable Introspection on that request.- See Also:
- Constant Field Values
-
INTROSPECTION_ENABLED_STATE
private static final java.util.concurrent.atomic.AtomicBoolean INTROSPECTION_ENABLED_STATE
-
introspectionDataFetchers
private static final java.util.Map<FieldCoordinates,IntrospectionDataFetcher<?>> introspectionDataFetchers
-
__TypeKind
public static final GraphQLEnumType __TypeKind
-
kindDataFetcher
private static final IntrospectionDataFetcher<?> kindDataFetcher
-
nameDataFetcher
private static final IntrospectionDataFetcher<?> nameDataFetcher
-
descriptionDataFetcher
private static final IntrospectionDataFetcher<?> descriptionDataFetcher
-
__InputValue
public static final GraphQLObjectType __InputValue
-
__Field
public static final GraphQLObjectType __Field
-
__EnumValue
public static final GraphQLObjectType __EnumValue
-
fieldsFetcher
private static final IntrospectionDataFetcher<?> fieldsFetcher
-
interfacesFetcher
private static final IntrospectionDataFetcher<?> interfacesFetcher
-
possibleTypesFetcher
private static final IntrospectionDataFetcher<?> possibleTypesFetcher
-
enumValuesTypesFetcher
private static final IntrospectionDataFetcher<?> enumValuesTypesFetcher
-
inputFieldsFetcher
private static final IntrospectionDataFetcher<?> inputFieldsFetcher
-
OfTypeFetcher
private static final IntrospectionDataFetcher<?> OfTypeFetcher
-
specifiedByUrlDataFetcher
private static final IntrospectionDataFetcher<?> specifiedByUrlDataFetcher
-
isOneOfFetcher
private static final IntrospectionDataFetcher<?> isOneOfFetcher
-
__Type
public static final GraphQLObjectType __Type
-
__DirectiveLocation
public static final GraphQLEnumType __DirectiveLocation
-
__Directive
public static final GraphQLObjectType __Directive
-
__Schema
public static final GraphQLObjectType __Schema
-
SchemaMetaFieldDef
public static final GraphQLFieldDefinition SchemaMetaFieldDef
-
TypeMetaFieldDef
public static final GraphQLFieldDefinition TypeMetaFieldDef
-
TypeNameMetaFieldDef
public static final GraphQLFieldDefinition TypeNameMetaFieldDef
-
INTROSPECTION_SYSTEM_FIELDS
public static final java.util.Set<java.lang.String> INTROSPECTION_SYSTEM_FIELDS
-
SchemaMetaFieldDefDataFetcher
public static final IntrospectionDataFetcher<?> SchemaMetaFieldDefDataFetcher
-
TypeMetaFieldDefDataFetcher
public static final IntrospectionDataFetcher<?> TypeMetaFieldDefDataFetcher
-
TypeNameMetaFieldDefDataFetcher
public static final IntrospectionDataFetcher<?> TypeNameMetaFieldDefDataFetcher
-
introspectionTypes
private static final java.util.Set<java.lang.String> introspectionTypes
-
-
Method Detail
-
enabledJvmWide
public static boolean enabledJvmWide(boolean enabled)
This static method will enable / disable Introspection at a JVM wide level.- Parameters:
enabled
- the flag indicating the desired enabled state- Returns:
- the previous state of enablement
-
isEnabledJvmWide
public static boolean isEnabledJvmWide()
- Returns:
- true if Introspection is enabled at a JVM wide level or false otherwise
-
isIntrospectionSensible
public static java.util.Optional<ExecutionResult> isIntrospectionSensible(MergedSelectionSet mergedSelectionSet, ExecutionContext executionContext)
This will look in to the field selection set and see if there are introspection fields, and if there is,it checks if introspection should run, and if not it will return an erroredExecutionResult
that can be returned to the user.- Parameters:
mergedSelectionSet
- the fields to be executedexecutionContext
- the execution context in play- Returns:
- an optional error result
-
mkDisabledError
@NotNull private static @NotNull java.util.Optional<ExecutionResult> mkDisabledError(MergedField schemaField)
-
isIntrospectionEnabled
private static boolean isIntrospectionEnabled(GraphQLContext graphQlContext)
-
register
private static void register(GraphQLFieldsContainer parentType, java.lang.String fieldName, IntrospectionDataFetcher<?> introspectionDataFetcher)
-
register
private static <T> void register(GraphQLFieldsContainer parentType, java.lang.String fieldName, java.lang.Class<T> targetClass, java.util.function.Function<T,java.lang.Object> getter)
To help runtimes such as graalvm, we make sure we have an explicit data fetchers rather then usePropertyDataFetcher
and its reflective mechanisms. This is not reflective because we have the class- Type Parameters:
T
- for two- Parameters:
parentType
- the containing parent typefieldName
- the field nametargetClass
- the target class of the gettergetter
- the function to call to get a value of T
-
addCodeForIntrospectionTypes
public static void addCodeForIntrospectionTypes(GraphQLCodeRegistry.Builder codeRegistry)
-
printDefaultValue
private static java.lang.String printDefaultValue(InputValueWithState inputValueWithState, GraphQLInputType type, GraphQLContext graphQLContext, java.util.Locale locale)
-
buildSchemaField
public static GraphQLFieldDefinition buildSchemaField(GraphQLObjectType introspectionSchemaType)
-
buildTypeField
public static GraphQLFieldDefinition buildTypeField(GraphQLObjectType introspectionSchemaType)
-
isIntrospectionTypes
public static boolean isIntrospectionTypes(GraphQLNamedType type)
-
getFieldDef
public static GraphQLFieldDefinition getFieldDef(GraphQLSchema schema, GraphQLCompositeType parentType, java.lang.String fieldName)
This will look up a field definition by name, and understand that fields like __typename and __schema are special and take precedence in field resolution- Parameters:
schema
- the schema to useparentType
- the type of the parent objectfieldName
- the field to look up- Returns:
- a field definition otherwise throws an assertion exception if it's null
-
-