Package graphql.introspection

Class Introspection

  • @PublicApi
public class Introspection
extends java.lang.Object
    GraphQl has a unique capability called Introspection that allow consumers to inspect the system and discover the fields and types available and makes the system self documented.

    Some security recommendations such as OWASP recommend that introspection be disabled in production. The enabledJvmWide(boolean) method can be used to disable introspection for the whole JVM or you can place INTROSPECTION_DISABLED into the GraphQLContext of a request to disable introspection for that request.

    • Constructor Detail

      • Introspection

        public Introspection()

    • Method Detail

      • enabledJvmWide

        public static boolean enabledJvmWide​(boolean enabled)
        This static method will enable / disable Introspection at a JVM wide level.
        Parameters:
        enabled - the flag indicating the desired enabled state
        Returns:
        the previous state of enablement

      • isEnabledJvmWide

        public static boolean isEnabledJvmWide()
        Returns:
        true if Introspection is enabled at a JVM wide level or false otherwise

      • isIntrospectionSensible

        public static java.util.Optional<ExecutionResult> isIntrospectionSensible​(MergedSelectionSet mergedSelectionSet,
                                                                          ExecutionContext executionContext)
        This will look in to the field selection set and see if there are introspection fields, and if there is,it checks if introspection should run, and if not it will return an errored ExecutionResult that can be returned to the user.
        Parameters:
        mergedSelectionSet - the fields to be executed
        executionContext - the execution context in play
        Returns:
        an optional error result

      • isIntrospectionTypes

        public static boolean isIntrospectionTypes​(GraphQLNamedType type)

      • getFieldDef

        public static GraphQLFieldDefinition getFieldDef​(GraphQLSchema schema,
                                                 GraphQLCompositeType parentType,
                                                 java.lang.String fieldName)
        This will look up a field definition by name, and understand that fields like __typename and __schema are special and take precedence in field resolution
        Parameters:
        schema - the schema to use
        parentType - the type of the parent object
        fieldName - the field to look up
        Returns:
        a field definition otherwise throws an assertion exception if it's null