Package graphql.introspection

Class Introspection

java.lang.Object
graphql.introspection.Introspection
@PublicApi public class Introspection extends Object
GraphQl has a unique capability called Introspection that allow consumers to inspect the system and discover the fields and types available and makes the system self documented.

Some security recommendations such as OWASP recommend that introspection be disabled in production. The enabledJvmWide(boolean) method can be used to disable introspection for the whole JVM or you can place INTROSPECTION_DISABLED into the GraphQLContext of a request to disable introspection for that request.

  • Field Details

  • Constructor Details

    • Introspection

      public Introspection()

  • Method Details

    • enabledJvmWide

      public static boolean enabledJvmWide(boolean enabled)
      This static method will enable / disable Introspection at a JVM wide level.
      Parameters:
      enabled - the flag indicating the desired enabled state
      Returns:
      the previous state of enablement

    • isEnabledJvmWide

      public static boolean isEnabledJvmWide()
      Returns:
      true if Introspection is enabled at a JVM wide level or false otherwise

    • isIntrospectionSensible

      public static Optional<ExecutionResult> isIntrospectionSensible(MergedSelectionSet mergedSelectionSet, ExecutionContext executionContext)
      This will look in to the field selection set and see if there are introspection fields, and if there is,it checks if introspection should run, and if not it will return an errored ExecutionResult that can be returned to the user.
      Parameters:
      mergedSelectionSet - the fields to be executed
      executionContext - the execution context in play
      Returns:
      an optional error result

    • addCodeForIntrospectionTypes

      public static void addCodeForIntrospectionTypes(GraphQLCodeRegistry.Builder codeRegistry)

    • buildSchemaField

      public static GraphQLFieldDefinition buildSchemaField(GraphQLObjectType introspectionSchemaType)

    • buildTypeField

      public static GraphQLFieldDefinition buildTypeField(GraphQLObjectType introspectionSchemaType)

    • isIntrospectionTypes

      public static boolean isIntrospectionTypes(GraphQLNamedType type)

    • isIntrospectionTypes

      public static boolean isIntrospectionTypes(String typeName)

    • getFieldDef

      public static GraphQLFieldDefinition getFieldDef(GraphQLSchema schema, GraphQLCompositeType parentType, String fieldName)
      This will look up a field definition by name, and understand that fields like __typename and __schema are special and take precedence in field resolution. If the parent type is a union type, then the only field allowed is `__typename`.
      Parameters:
      schema - the schema to use
      parentType - the type of the parent object
      fieldName - the field to look up
      Returns:
      a field definition otherwise throws an assertion exception if it's null

    • getFieldDefinition

      public static GraphQLFieldDefinition getFieldDefinition(GraphQLSchema schema, GraphQLFieldsContainer parentType, String fieldName)
      This will look up a field definition by name, and understand that fields like __typename and __schema are special and take precedence in field resolution
      Parameters:
      schema - the schema to use
      parentType - the type of the parent GraphQLFieldsContainer
      fieldName - the field to look up
      Returns:
      a field definition otherwise throws an assertion exception if it's null