@PublicApi public class Introspection extends java.lang.Object
Some security recommendations such as OWASP
recommend that introspection be disabled in production. The enabledJvmWide(boolean)
method can be used to disable
introspection for the whole JVM or you can place INTROSPECTION_DISABLED
into the GraphQLContext
of a request
to disable introspection for that request.
Modifier and Type | Class and Description |
---|---|
static class |
Introspection.DirectiveLocation |
static class |
Introspection.TypeKind |
Modifier and Type | Field and Description |
---|---|
static GraphQLObjectType |
__Directive |
static GraphQLEnumType |
__DirectiveLocation |
static GraphQLObjectType |
__EnumValue |
static GraphQLObjectType |
__Field |
static GraphQLObjectType |
__InputValue |
static GraphQLObjectType |
__Schema |
static GraphQLObjectType |
__Type |
static GraphQLEnumType |
__TypeKind |
static java.lang.String |
INTROSPECTION_DISABLED
Placing a boolean value under this key in the per request
GraphQLContext will enable
or disable Introspection on that request. |
static java.util.Set<java.lang.String> |
INTROSPECTION_SYSTEM_FIELDS |
static GraphQLFieldDefinition |
SchemaMetaFieldDef |
static IntrospectionDataFetcher<?> |
SchemaMetaFieldDefDataFetcher |
static GraphQLFieldDefinition |
TypeMetaFieldDef |
static IntrospectionDataFetcher<?> |
TypeMetaFieldDefDataFetcher |
static GraphQLFieldDefinition |
TypeNameMetaFieldDef |
static IntrospectionDataFetcher<?> |
TypeNameMetaFieldDefDataFetcher |
Constructor and Description |
---|
Introspection() |
Modifier and Type | Method and Description |
---|---|
static void |
addCodeForIntrospectionTypes(GraphQLCodeRegistry.Builder codeRegistry) |
static GraphQLFieldDefinition |
buildSchemaField(GraphQLObjectType introspectionSchemaType) |
static GraphQLFieldDefinition |
buildTypeField(GraphQLObjectType introspectionSchemaType) |
static boolean |
enabledJvmWide(boolean enabled)
This static method will enable / disable Introspection at a JVM wide level.
|
static GraphQLFieldDefinition |
getFieldDef(GraphQLSchema schema,
GraphQLCompositeType parentType,
java.lang.String fieldName)
This will look up a field definition by name, and understand that fields like __typename and __schema are special
and take precedence in field resolution
|
static boolean |
isEnabledJvmWide() |
static java.util.Optional<ExecutionResult> |
isIntrospectionSensible(MergedSelectionSet mergedSelectionSet,
ExecutionContext executionContext)
This will look in to the field selection set and see if there are introspection fields,
and if there is,it checks if introspection should run, and if not it will return an errored
ExecutionResult
that can be returned to the user. |
static boolean |
isIntrospectionTypes(GraphQLNamedType type) |
public static final java.lang.String INTROSPECTION_DISABLED
GraphQLContext
will enable
or disable Introspection on that request.public static final GraphQLEnumType __TypeKind
public static final GraphQLObjectType __InputValue
public static final GraphQLObjectType __Field
public static final GraphQLObjectType __EnumValue
public static final GraphQLObjectType __Type
public static final GraphQLEnumType __DirectiveLocation
public static final GraphQLObjectType __Directive
public static final GraphQLObjectType __Schema
public static final GraphQLFieldDefinition SchemaMetaFieldDef
public static final GraphQLFieldDefinition TypeMetaFieldDef
public static final GraphQLFieldDefinition TypeNameMetaFieldDef
public static final java.util.Set<java.lang.String> INTROSPECTION_SYSTEM_FIELDS
public static final IntrospectionDataFetcher<?> SchemaMetaFieldDefDataFetcher
public static final IntrospectionDataFetcher<?> TypeMetaFieldDefDataFetcher
public static final IntrospectionDataFetcher<?> TypeNameMetaFieldDefDataFetcher
public static boolean enabledJvmWide(boolean enabled)
enabled
- the flag indicating the desired enabled statepublic static boolean isEnabledJvmWide()
public static java.util.Optional<ExecutionResult> isIntrospectionSensible(MergedSelectionSet mergedSelectionSet, ExecutionContext executionContext)
ExecutionResult
that can be returned to the user.mergedSelectionSet
- the fields to be executedexecutionContext
- the execution context in playpublic static void addCodeForIntrospectionTypes(GraphQLCodeRegistry.Builder codeRegistry)
public static GraphQLFieldDefinition buildSchemaField(GraphQLObjectType introspectionSchemaType)
public static GraphQLFieldDefinition buildTypeField(GraphQLObjectType introspectionSchemaType)
public static boolean isIntrospectionTypes(GraphQLNamedType type)
public static GraphQLFieldDefinition getFieldDef(GraphQLSchema schema, GraphQLCompositeType parentType, java.lang.String fieldName)
schema
- the schema to useparentType
- the type of the parent objectfieldName
- the field to look up