├── .gitignore
├── .pre-commit-config.yaml
├── .travis.yml
├── CHANGELOG.md
├── LICENSE
├── README.md
├── graphql-common
    ├── pom.xml
    └── src
    │   ├── main
    │       ├── java
    │       │   └── com
    │       │   │   └── networknt
    │       │   │       └── graphql
    │       │   │           └── common
    │       │   │               ├── GraphqlConfig.java
    │       │   │               ├── GraphqlConstants.java
    │       │   │               ├── GraphqlUtil.java
    │       │   │               ├── InstrumentationLoader.java
    │       │   │               └── InstrumentationProvider.java
    │       └── resources
    │       │   └── config
    │       │       └── graphql.yml
    │   └── test
    │       ├── java
    │           └── com
    │           │   └── networknt
    │           │       └── graphql
    │           │           └── common
    │           │               └── GraphqlUtilTest.java
    │       └── resources
    │           └── logback-test.xml
├── graphql-router
    ├── pom.xml
    └── src
    │   ├── main
    │       ├── java
    │       │   └── com
    │       │   │   └── networknt
    │       │   │       └── graphql
    │       │   │           └── router
    │       │   │               ├── ExecutionStrategyProvider.java
    │       │   │               ├── GraphqlCustomHandler.java
    │       │   │               ├── GraphqlEndpointSource.java
    │       │   │               ├── GraphqlRouter.java
    │       │   │               ├── RenderGraphiQL.java
    │       │   │               ├── SchemaProvider.java
    │       │   │               ├── handlers
    │       │   │                   ├── GraphqlGetHandler.java
    │       │   │                   ├── GraphqlOptionsHandler.java
    │       │   │                   ├── GraphqlPathHandler.java
    │       │   │                   ├── GraphqlPostHandler.java
    │       │   │                   ├── GraphqlSubscriptionHandler.java
    │       │   │                   └── GraphqlSubscriptionWrapper.java
    │       │   │               └── models
    │       │   │                   └── QueryParameters.java
    │       └── resources
    │       │   └── config
    │       │       ├── graphiql-subscriptions-fetcher.js
    │       │       └── graphiql.html
    │   └── test
    │       ├── java
    │           └── com
    │           │   └── networknt
    │           │       └── graphql
    │           │           └── router
    │           │               └── GraphqlEndpointSourceTest.java
    │       └── resources
    │           └── logback-test.xml
├── graphql-security
    ├── pom.xml
    └── src
    │   ├── main
    │       ├── java
    │       │   └── com
    │       │   │   └── networknt
    │       │   │       └── graphql
    │       │   │           └── security
    │       │   │               └── JwtVerifyHandler.java
    │       └── resources
    │       │   └── config
    │       │       ├── graphql-security.yml
    │       │       ├── primary.crt
    │       │       └── secondary.crt
    │   └── test
    │       ├── java
    │           └── com
    │           │   └── networknt
    │           │       └── graphql
    │           │           └── security
    │           │               └── JwtVerifyHandlerTest.java
    │       └── resources
    │           ├── config
    │               ├── client.truststore
    │               └── values.yml
    │           └── logback-test.xml
├── graphql-validator
    ├── pom.xml
    └── src
    │   ├── main
    │       ├── java
    │       │   └── com
    │       │   │   └── networknt
    │       │   │       └── graphql
    │       │   │           └── validator
    │       │   │               ├── ValidatorConfig.java
    │       │   │               └── ValidatorHandler.java
    │       └── resources
    │       │   └── config
    │       │       └── graphql-validator.yml
    │   └── test
    │       ├── java
    │           └── com
    │           │   └── networknt
    │           │       └── graphql
    │           │           └── validator
    │           │               └── ValidatorHandlerTest.java
    │       └── resources
    │           ├── config
    │               └── graphql-validator.yml
    │           └── logback-test.xml
└── pom.xml


/.gitignore:
--------------------------------------------------------------------------------
 1 | target/
 2 | bower_components/
 3 | node_modules/
 4 | dist/
 5 | .idea/
 6 | .tmp/
 7 | .project
 8 | .classpath
 9 | .settings
10 | .metadata/
11 | *.iml
12 | *.log
13 | *.tmp
14 | *.zip
15 | *.bak
16 | *.versionsBackup
17 | 
18 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
19 | hs_err_pid*
20 | 


--------------------------------------------------------------------------------
/.pre-commit-config.yaml:
--------------------------------------------------------------------------------
 1 | repos:
 2 | -   repo: https://github.com/pre-commit/pre-commit-hooks
 3 |     rev: v5.0.0
 4 |     hooks:
 5 |     -   id: trailing-whitespace
 6 |     -   id: end-of-file-fixer
 7 |     -   id: check-yaml
 8 |     -   id: check-added-large-files
 9 | -   repo: https://github.com/networknt/pre-commit-hook-keyword
10 |     rev: f17c4de14fc24420f6768c19cad06ba03af06d86
11 |     hooks:
12 |     -   id: keywordscan
13 |         args: ["--keywords=c3VubGlmZQ==,Y2liYw==,c3VuIGxpZmU="]
14 |         types: ["text"]
15 | 


--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
 1 | language: java
 2 | cache:
 3 |   directories:
 4 |     - $HOME/.m2
 5 | jdk:
 6 |   - openjdk11
 7 | branches:
 8 |   only:
 9 |     - master
10 | 


--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
  1 | # Change Log
  2 | 
  3 | ## [2.2.2](https://github.com/networknt/light-graphql-4j/tree/2.2.2) (2025-06-05)
  4 | 
  5 | 
  6 | **Merged pull requests:**
  7 | 
  8 | 
  9 | 
 10 | 
 11 | ## [2.2.1](https://github.com/networknt/light-graphql-4j/tree/2.2.1) (2025-03-22)
 12 | 
 13 | 
 14 | **Merged pull requests:**
 15 | 
 16 | 
 17 | 
 18 | 
 19 | ## [2.2.0](https://github.com/networknt/light-graphql-4j/tree/2.2.0) (2025-02-12)
 20 | 
 21 | 
 22 | **Merged pull requests:**
 23 | 
 24 | 
 25 | 
 26 | 
 27 | ## [2.1.37](https://github.com/networknt/light-graphql-4j/tree/2.1.37) (2024-09-20)
 28 | 
 29 | 
 30 | **Merged pull requests:**
 31 | 
 32 | 
 33 | ## [2.1.36](https://github.com/networknt/light-graphql-4j/tree/2.1.36) (2024-08-27)
 34 | 
 35 | 
 36 | **Merged pull requests:**
 37 | 
 38 | 
 39 | ## [2.1.35](https://github.com/networknt/light-graphql-4j/tree/2.1.35) (2024-08-17)
 40 | 
 41 | 
 42 | **Merged pull requests:**
 43 | 
 44 | 
 45 | - fixes \#122 update test cases to add use sig for the jwk response [\#123](https://github.com/networknt/light-graphql-4j/pull/123) ([stevehu](https://github.com/stevehu))
 46 | ## [2.1.34](https://github.com/networknt/light-graphql-4j/tree/2.1.34) (2024-06-22)
 47 | 
 48 | 
 49 | **Merged pull requests:**
 50 | 
 51 | 
 52 | - fixes \#120 add client.truststore in test config [\#121](https://github.com/networknt/light-graphql-4j/pull/121) ([stevehu](https://github.com/stevehu))
 53 | - [pre-commit.ci] pre-commit autoupdate [\#119](https://github.com/networknt/light-graphql-4j/pull/119) ([pre-commit-ci](https://github.com/apps/pre-commit-ci))
 54 | 
 55 | 
 56 | ## [2.1.33](https://github.com/networknt/light-graphql-4j/tree/2.1.33) (2024-03-31)
 57 | 
 58 | 
 59 | **Merged pull requests:**
 60 | 
 61 | 
 62 | 
 63 | 
 64 | ## [2.1.32](https://github.com/networknt/light-graphql-4j/tree/2.1.32) (2024-02-27)
 65 | 
 66 | 
 67 | **Merged pull requests:**
 68 | 
 69 | 
 70 | - [pre-commit.ci] pre-commit autoupdate [\#118](https://github.com/networknt/light-graphql-4j/pull/118) ([pre-commit-ci](https://github.com/apps/pre-commit-ci))
 71 | - fixes \#116 add pre-commit hook and apply it [\#117](https://github.com/networknt/light-graphql-4j/pull/117) ([stevehu](https://github.com/stevehu))
 72 | - fixes \#114 Use NoneDecryptedInstance to load the config for registerM… [\#115](https://github.com/networknt/light-graphql-4j/pull/115) ([stevehu](https://github.com/stevehu))
 73 | 
 74 | 
 75 | ## [2.1.31](https://github.com/networknt/light-graphql-4j/tree/2.1.31) (2024-01-16)
 76 | 
 77 | 
 78 | **Merged pull requests:**
 79 | 
 80 | 
 81 | - fixes \#112 Fix test cases by adding a new server2 for jwks endpoint [\#113](https://github.com/networknt/light-graphql-4j/pull/113) ([stevehu](https://github.com/stevehu))
 82 | - fixes \#110 update test cases to use jwks endpoint and add skipPathPre… [\#111](https://github.com/networknt/light-graphql-4j/pull/111) ([stevehu](https://github.com/stevehu))
 83 | 
 84 | 
 85 | ## [2.1.30](https://github.com/networknt/light-graphql-4j/tree/2.1.30) (2023-11-21)
 86 | 
 87 | 
 88 | **Merged pull requests:**
 89 | 
 90 | 
 91 | 
 92 | 
 93 | ## [2.1.29](https://github.com/networknt/light-graphql-4j/tree/2.1.29) (2023-11-19)
 94 | 
 95 | 
 96 | **Merged pull requests:**
 97 | 
 98 | 
 99 | - fixes \#107 refactor module registry to add config name [\#108](https://github.com/networknt/light-graphql-4j/pull/108) ([stevehu](https://github.com/stevehu))
100 | - fixes \#105 sync the graphql-security.yml with the security.yml in lig… [\#106](https://github.com/networknt/light-graphql-4j/pull/106) ([stevehu](https://github.com/stevehu))
101 | 
102 | 
103 | ## [2.1.28](https://github.com/networknt/light-graphql-4j/tree/2.1.28) (2023-10-24)
104 | 
105 | 
106 | **Merged pull requests:**
107 | 
108 | 
109 | 
110 | 
111 | ## [2.1.27](https://github.com/networknt/light-graphql-4j/tree/2.1.27) (2023-10-04)
112 | 
113 | 
114 | **Merged pull requests:**
115 | 
116 | 
117 | 
118 | 
119 | ## [2.1.26](https://github.com/networknt/light-graphql-4j/tree/2.1.26) (2023-08-17)
120 | 
121 | 
122 | **Merged pull requests:**
123 | 
124 | 
125 | ## [2.1.25](https://github.com/networknt/light-graphql-4j/tree/2.1.25) (2023-08-08)
126 | 
127 | 
128 | **Merged pull requests:**
129 | 
130 | 
131 | 
132 | 
133 | ## [2.1.24](https://github.com/networknt/light-graphql-4j/tree/2.1.24) (2023-08-07)
134 | 
135 | 
136 | **Merged pull requests:**
137 | 
138 | 
139 | 
140 | 
141 | ## [2.1.23](https://github.com/networknt/light-graphql-4j/tree/2.1.23) (2023-07-11)
142 | 
143 | 
144 | **Merged pull requests:**
145 | 
146 | 
147 | 
148 | 
149 | ## [2.1.22](https://github.com/networknt/light-graphql-4j/tree/2.1.22) (2023-06-22)
150 | 
151 | 
152 | **Merged pull requests:**
153 | 
154 | 
155 | 
156 | 
157 | ## [2.1.21](https://github.com/networknt/light-graphql-4j/tree/2.1.21) (2023-06-22)
158 | 
159 | 
160 | **Merged pull requests:**
161 | 
162 | 
163 | 
164 | 
165 | ## [2.1.20](https://github.com/networknt/light-graphql-4j/tree/2.1.20) (2023-06-17)
166 | 
167 | 
168 | **Merged pull requests:**
169 | 
170 | 
171 | ## [2.1.19](https://github.com/networknt/light-graphql-4j/tree/2.1.19) (2023-06-05)
172 | 
173 | 
174 | **Merged pull requests:**
175 | 
176 | 
177 | 
178 | 
179 | ## [2.1.18](https://github.com/networknt/light-graphql-4j/tree/2.1.18) (2023-05-06)
180 | 
181 | 
182 | **Merged pull requests:**
183 | 
184 | 
185 | 
186 | 
187 | ## [2.1.17](https://github.com/networknt/light-graphql-4j/tree/2.1.17) (2023-05-05)
188 | 
189 | 
190 | **Merged pull requests:**
191 | 
192 | 
193 | ## [2.1.16](https://github.com/networknt/light-graphql-4j/tree/2.1.16) (2023-04-28)
194 | 
195 | 
196 | **Merged pull requests:**
197 | 
198 | 
199 | 
200 | 
201 | ## [2.1.15](https://github.com/networknt/light-graphql-4j/tree/2.1.15) (2023-04-19)
202 | 
203 | 
204 | **Merged pull requests:**
205 | 
206 | 
207 | ## [2.1.14](https://github.com/networknt/light-graphql-4j/tree/2.1.14) (2023-04-19)
208 | 
209 | 
210 | **Merged pull requests:**
211 | 
212 | 
213 | 
214 | 
215 | ## [2.1.13](https://github.com/networknt/light-graphql-4j/tree/2.1.13) (2023-04-19)
216 | 
217 | 
218 | **Merged pull requests:**
219 | 
220 | 
221 | ## [2.1.12](https://github.com/networknt/light-graphql-4j/tree/2.1.12) (2023-04-14)
222 | 
223 | 
224 | **Merged pull requests:**
225 | 
226 | 
227 | 
228 | 
229 | ## [2.1.11](https://github.com/networknt/light-graphql-4j/tree/2.1.11) (2023-04-10)
230 | 
231 | 
232 | **Merged pull requests:**
233 | 
234 | 
235 | ## [2.1.10](https://github.com/networknt/light-graphql-4j/tree/2.1.10) (2023-04-06)
236 | 
237 | 
238 | **Merged pull requests:**
239 | 
240 | 
241 | ## [2.1.9](https://github.com/networknt/light-graphql-4j/tree/2.1.9) (2023-03-30)
242 | 
243 | 
244 | **Merged pull requests:**
245 | 
246 | 
247 | 
248 | 
249 | ## [2.1.8](https://github.com/networknt/light-graphql-4j/tree/2.1.8) (2023-03-06)
250 | 
251 | 
252 | **Merged pull requests:**
253 | 
254 | 
255 | - fixes \#103 update the JwtVerifyHandler to get the token from the auth… [\#104](https://github.com/networknt/light-graphql-4j/pull/104) ([stevehu](https://github.com/stevehu))
256 | ## [2.1.7](https://github.com/networknt/light-graphql-4j/tree/2.1.7) (2023-02-14)
257 | 
258 | 
259 | **Merged pull requests:**
260 | 
261 | 
262 | 
263 | 
264 | ## [2.1.6](https://github.com/networknt/light-graphql-4j/tree/2.1.6) (2023-02-06)
265 | 
266 | 
267 | **Merged pull requests:**
268 | 
269 | 
270 | ## [2.1.5](https://github.com/networknt/light-graphql-4j/tree/2.1.5) (2023-01-04)
271 | 
272 | 
273 | **Merged pull requests:**
274 | 
275 | 
276 | - fixes \#101 update JwtVerifyHandler for the new signature [\#102](https://github.com/networknt/light-graphql-4j/pull/102) ([stevehu](https://github.com/stevehu))
277 | - fixes \#99 add skipVerifyScopeWithoutSpec flag to graphql-security.yml [\#100](https://github.com/networknt/light-graphql-4j/pull/100) ([stevehu](https://github.com/stevehu))
278 | - fixes \#97 update openapi-security.yml to add jwtCacheFullSize [\#98](https://github.com/networknt/light-graphql-4j/pull/98) ([stevehu](https://github.com/stevehu))
279 | ## [2.1.4](https://github.com/networknt/light-graphql-4j/tree/2.1.4) (2022-11-30)
280 | 
281 | 
282 | **Merged pull requests:**
283 | 
284 | 
285 | ## [2.1.3](https://github.com/networknt/light-graphql-4j/tree/2.1.3) (2022-11-10)
286 | 
287 | 
288 | **Merged pull requests:**
289 | 
290 | 
291 | ## [2.1.2](https://github.com/networknt/light-graphql-4j/tree/2.1.2) (2022-10-22)
292 | 
293 | 
294 | **Merged pull requests:**
295 | 
296 | 
297 | - fixes \#91 pass in request path to verifyJwt to support mulitple OAuth… [\#92](https://github.com/networknt/light-graphql-4j/pull/92) ([stevehu](https://github.com/stevehu))
298 | - fixes \#89 update graphql-security.yml to use JsonWebKeySet for keyRes… [\#90](https://github.com/networknt/light-graphql-4j/pull/90) ([stevehu](https://github.com/stevehu))
299 | - fixes \#87 add providerId to the security.yml for oauth key service [\#88](https://github.com/networknt/light-graphql-4j/pull/88) ([stevehu](https://github.com/stevehu))
300 | - fixes \#85 externalize the graphql-validator.yml in the default folder [\#86](https://github.com/networknt/light-graphql-4j/pull/86) ([stevehu](https://github.com/stevehu))
301 | - fixes \#83 Update JwtVerifierHandler to use SecurityConfig [\#84](https://github.com/networknt/light-graphql-4j/pull/84) ([stevehu](https://github.com/stevehu))
302 | ## [2.1.1](https://github.com/networknt/light-graphql-4j/tree/2.1.1) (2022-04-26)
303 | 
304 | 
305 | **Merged pull requests:**
306 | 
307 | 
308 | ## [2.1.0](https://github.com/networknt/light-graphql-4j/tree/2.1.0) (2022-02-27)
309 | 
310 | 
311 | **Merged pull requests:**
312 | 
313 | 
314 | - custom response handling [\#81](https://github.com/networknt/light-graphql-4j/pull/81) ([wokere](https://github.com/wokere))
315 | 
316 | 
317 | ## [2.0.32](https://github.com/networknt/light-graphql-4j/tree/2.0.32) (2021-10-19)
318 | 
319 | 
320 | **Merged pull requests:**
321 | 
322 | 
323 | 
324 | 
325 | ## [2.0.31](https://github.com/networknt/light-graphql-4j/tree/2.0.31) (2021-09-22)
326 | 
327 | 
328 | **Merged pull requests:**
329 | 
330 | 
331 | ## [2.0.30](https://github.com/networknt/light-graphql-4j/tree/2.0.30) (2021-08-23)
332 | 
333 | 
334 | **Merged pull requests:**
335 | 
336 | 
337 | ## [2.0.29](https://github.com/networknt/light-graphql-4j/tree/2.0.29) (2021-07-25)
338 | 
339 | 
340 | **Merged pull requests:**
341 | 
342 | 
343 | 
344 | 
345 | ## [2.0.28](https://github.com/networknt/light-graphql-4j/tree/2.0.28) (2021-06-27)
346 | 
347 | 
348 | **Merged pull requests:**
349 | 
350 | 
351 | ## [2.0.27](https://github.com/networknt/light-graphql-4j/tree/2.0.27) (2021-05-25)
352 | 
353 | 
354 | **Merged pull requests:**
355 | 
356 | 
357 | ## [2.0.26](https://github.com/networknt/light-graphql-4j/tree/2.0.26) (2021-04-27)
358 | 
359 | 
360 | **Merged pull requests:**
361 | 
362 | 
363 | ## [2.0.25](https://github.com/networknt/light-graphql-4j/tree/2.0.25) (2021-03-28)
364 | 
365 | 
366 | **Merged pull requests:**
367 | 
368 | 
369 | 
370 | 
371 | ## [2.0.24](https://github.com/networknt/light-graphql-4j/tree/2.0.24) (2021-02-24)
372 | 
373 | 
374 | **Merged pull requests:**
375 | 
376 | 
377 | - Bump jackson-databind from 2.10.4 to 2.10.5.1 [\#79](https://github.com/networknt/light-graphql-4j/pull/79) ([dependabot](https://github.com/apps/dependabot))
378 | ## [2.0.23](https://github.com/networknt/light-graphql-4j/tree/2.0.23) (2021-01-29)
379 | 
380 | 
381 | **Merged pull requests:**
382 | 
383 | 
384 | ## [2.0.22](https://github.com/networknt/light-graphql-4j/tree/2.0.22) (2020-12-22)
385 | 
386 | 
387 | **Merged pull requests:**
388 | 
389 | 
390 | 
391 | 
392 | ## [2.0.21](https://github.com/networknt/light-graphql-4j/tree/2.0.21) (2020-11-25)
393 | 
394 | 
395 | **Merged pull requests:**
396 | 
397 | 
398 | 
399 | 
400 | ## [2.0.20](https://github.com/networknt/light-graphql-4j/tree/2.0.20) (2020-11-05)
401 | 
402 | 
403 | **Merged pull requests:**
404 | 
405 | 
406 | ## [2.0.19](https://github.com/networknt/light-graphql-4j/tree/2.0.19) (2020-11-01)
407 | 
408 | 
409 | **Merged pull requests:**
410 | 
411 | 
412 | ## [2.0.18](https://github.com/networknt/light-graphql-4j/tree/2.0.18) (2020-10-01)
413 | 
414 | 
415 | **Merged pull requests:**
416 | 
417 | 
418 | 
419 | 
420 | ## [2.0.17](https://github.com/networknt/light-graphql-4j/tree/2.0.17) (2020-08-28)
421 | 
422 | 
423 | **Merged pull requests:**
424 | 
425 | 
426 | ## [2.0.16](https://github.com/networknt/light-graphql-4j/tree/2.0.16) (2020-08-01)
427 | 
428 | 
429 | **Merged pull requests:**
430 | 
431 | 
432 | ## [2.0.15](https://github.com/networknt/light-graphql-4j/tree/2.0.15) (2020-07-01)
433 | 
434 | 
435 | **Merged pull requests:**
436 | 
437 | 
438 | ## [2.0.14](https://github.com/networknt/light-graphql-4j/tree/2.0.14) (2020-05-29)
439 | 
440 | 
441 | **Merged pull requests:**
442 | 
443 | 
444 | ## [2.0.13](https://github.com/networknt/light-graphql-4j/tree/2.0.13) (2020-05-01)
445 | 
446 | 
447 | **Merged pull requests:**
448 | 
449 | 
450 | ## [2.0.12](https://github.com/networknt/light-graphql-4j/tree/2.0.12) (2020-03-31)
451 | 
452 | 
453 | **Merged pull requests:**
454 | 
455 | 
456 | ## [2.0.11](https://github.com/networknt/light-graphql-4j/tree/2.0.11) (2020-02-29)
457 | 
458 | 
459 | **Merged pull requests:**
460 | 
461 | 
462 | ## [2.0.10](https://github.com/networknt/light-graphql-4j/tree/2.0.10) (2020-01-31)
463 | 
464 | 
465 | **Merged pull requests:**
466 | 
467 | 
468 | 
469 | 
470 | ## [2.0.9](https://github.com/networknt/light-graphql-4j/tree/2.0.9) (2019-12-30)
471 | 
472 | 
473 | **Merged pull requests:**
474 | 
475 | 
476 | ## [2.0.8](https://github.com/networknt/light-graphql-4j/tree/2.0.8) (2019-11-27)
477 | 
478 | 
479 | **Merged pull requests:**
480 | 
481 | 
482 | ## [2.0.7](https://github.com/networknt/light-graphql-4j/tree/2.0.7) (2019-10-26)
483 | 
484 | 
485 | **Merged pull requests:**
486 | 
487 | 
488 | ## [2.0.6](https://github.com/networknt/light-graphql-4j/tree/2.0.6) (2019-09-13)
489 | 
490 | 
491 | **Merged pull requests:**
492 | 
493 | 
494 | ## [2.0.5](https://github.com/networknt/light-graphql-4j/tree/2.0.5) (2019-08-30)
495 | 
496 | 
497 | **Merged pull requests:**
498 | 
499 | 
500 | 
501 | 
502 | ## [2.0.4](https://github.com/networknt/light-graphql-4j/tree/2.0.4) (2019-08-16)
503 | 
504 | 
505 | **Merged pull requests:**
506 | 
507 | 
508 | ## [2.0.3](https://github.com/networknt/light-graphql-4j/tree/2.0.3) (2019-07-31)
509 | 
510 | 
511 | **Merged pull requests:**
512 | 
513 | 
514 | 
515 | 
516 | ## [2.0.2](https://github.com/networknt/light-graphql-4j/tree/2.0.2) (2019-07-10)
517 | 
518 | 
519 | **Merged pull requests:**
520 | 
521 | 
522 | ## [2.0.1](https://github.com/networknt/light-graphql-4j/tree/2.0.1) (2019-06-13)
523 | 
524 | 
525 | **Merged pull requests:**
526 | 
527 | 
528 | ## [1.6.4](https://github.com/networknt/light-graphql-4j/tree/1.6.4) (2019-06-10)
529 | 
530 | 
531 | **Merged pull requests:**
532 | 
533 | 
534 | ## [1.6.2](https://github.com/networknt/light-graphql-4j/tree/1.6.2) (2019-05-17)
535 | 
536 | 
537 | **Merged pull requests:**
538 | 
539 | 
540 | ## [1.6.1](https://github.com/networknt/light-graphql-4j/tree/1.6.1) (2019-05-03)
541 | 
542 | 
543 | **Merged pull requests:**
544 | 
545 | 
546 | ## [1.6.0](https://github.com/networknt/light-graphql-4j/tree/1.6.0) (2019-04-05)
547 | 
548 | 
549 | **Merged pull requests:**
550 | 
551 | 
552 | ## [1.5.31](https://github.com/networknt/light-graphql-4j/tree/1.5.31) (2019-03-02)
553 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.30...1.5.31)
554 | 
555 | ## [1.5.30](https://github.com/networknt/light-graphql-4j/tree/1.5.30) (2019-02-21)
556 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.29...1.5.30)
557 | 
558 | ## [1.5.29](https://github.com/networknt/light-graphql-4j/tree/1.5.29) (2019-02-16)
559 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.28...1.5.29)
560 | 
561 | ## [1.5.28](https://github.com/networknt/light-graphql-4j/tree/1.5.28) (2019-01-13)
562 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.27...1.5.28)
563 | 
564 | ## [1.5.27](https://github.com/networknt/light-graphql-4j/tree/1.5.27) (2019-01-12)
565 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.25...1.5.27)
566 | 
567 | ## [1.5.25](https://github.com/networknt/light-graphql-4j/tree/1.5.25) (2018-12-24)
568 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.24...1.5.25)
569 | 
570 | ## [1.5.24](https://github.com/networknt/light-graphql-4j/tree/1.5.24) (2018-12-15)
571 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.23...1.5.24)
572 | 
573 | ## [1.5.23](https://github.com/networknt/light-graphql-4j/tree/1.5.23) (2018-12-01)
574 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.22...1.5.23)
575 | 
576 | ## [1.5.22](https://github.com/networknt/light-graphql-4j/tree/1.5.22) (2018-11-10)
577 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.21...1.5.22)
578 | 
579 | ## [1.5.21](https://github.com/networknt/light-graphql-4j/tree/1.5.21) (2018-10-05)
580 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.20...1.5.21)
581 | 
582 | ## [1.5.20](https://github.com/networknt/light-graphql-4j/tree/1.5.20) (2018-10-05)
583 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.19...1.5.20)
584 | 
585 | **Closed issues:**
586 | 
587 | - remove security.yml and add graphql-validator.yml [\#51](https://github.com/networknt/light-graphql-4j/issues/51)
588 | 
589 | ## [1.5.19](https://github.com/networknt/light-graphql-4j/tree/1.5.19) (2018-09-22)
590 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.18...1.5.19)
591 | 
592 | **Closed issues:**
593 | 
594 | - create one and only one handler instance in GraphqlPathHandler [\#50](https://github.com/networknt/light-graphql-4j/issues/50)
595 | - switch to http-string module for HttpString headers constants [\#48](https://github.com/networknt/light-graphql-4j/issues/48)
596 | 
597 | **Merged pull requests:**
598 | 
599 | - Trivial GraphqlEndpointSource listing `/graphql@{get,post,options}`… [\#49](https://github.com/networknt/light-graphql-4j/pull/49) ([logi](https://github.com/logi))
600 | - Configurable Exectution Strategies [\#47](https://github.com/networknt/light-graphql-4j/pull/47) ([logi](https://github.com/logi))
601 | 
602 | ## [1.5.18](https://github.com/networknt/light-graphql-4j/tree/1.5.18) (2018-08-16)
603 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.17...1.5.18)
604 | 
605 | **Closed issues:**
606 | 
607 | - flatten the config files into the same directory for k8s [\#46](https://github.com/networknt/light-graphql-4j/issues/46)
608 | - support specific GraphQL security and validator configuration [\#44](https://github.com/networknt/light-graphql-4j/issues/44)
609 | - upgrade to undertow 2.0.11.Final [\#43](https://github.com/networknt/light-graphql-4j/issues/43)
610 | 
611 | **Merged pull requests:**
612 | 
613 | - fixes \#44 support specific GraphQL security and validator configuration [\#45](https://github.com/networknt/light-graphql-4j/pull/45) ([stevehu](https://github.com/stevehu))
614 | 
615 | ## [1.5.17](https://github.com/networknt/light-graphql-4j/tree/1.5.17) (2018-07-15)
616 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.16...1.5.17)
617 | 
618 | ## [1.5.16](https://github.com/networknt/light-graphql-4j/tree/1.5.16) (2018-07-05)
619 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.15...1.5.16)
620 | 
621 | ## [1.5.15](https://github.com/networknt/light-graphql-4j/tree/1.5.15) (2018-06-18)
622 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.14...1.5.15)
623 | 
624 | **Closed issues:**
625 | 
626 | - switch to default setExchangeStatus method for errors [\#42](https://github.com/networknt/light-graphql-4j/issues/42)
627 | 
628 | ## [1.5.14](https://github.com/networknt/light-graphql-4j/tree/1.5.14) (2018-05-19)
629 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.13...1.5.14)
630 | 
631 | **Closed issues:**
632 | 
633 | - update VerifyJwt signature and security.yml [\#41](https://github.com/networknt/light-graphql-4j/issues/41)
634 | - Log error message on the server if validation error occurs [\#40](https://github.com/networknt/light-graphql-4j/issues/40)
635 | - Add Instrumentation to Config and PostHandler [\#38](https://github.com/networknt/light-graphql-4j/issues/38)
636 | 
637 | ## [1.5.13](https://github.com/networknt/light-graphql-4j/tree/1.5.13) (2018-04-20)
638 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.12...1.5.13)
639 | 
640 | **Merged pull requests:**
641 | 
642 | - Adding support for injectable instrumentation \#38 [\#39](https://github.com/networknt/light-graphql-4j/pull/39) ([NicholasAzar](https://github.com/NicholasAzar))
643 | 
644 | ## [1.5.12](https://github.com/networknt/light-graphql-4j/tree/1.5.12) (2018-04-08)
645 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.11...1.5.12)
646 | 
647 | **Implemented enhancements:**
648 | 
649 | - bump pom graphql-java to 8.0 [\#37](https://github.com/networknt/light-graphql-4j/issues/37)
650 | 
651 | **Closed issues:**
652 | 
653 | - remove unused version properties in pom.xml [\#36](https://github.com/networknt/light-graphql-4j/issues/36)
654 | 
655 | ## [1.5.11](https://github.com/networknt/light-graphql-4j/tree/1.5.11) (2018-03-31)
656 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.10...1.5.11)
657 | 
658 | **Closed issues:**
659 | 
660 | - ensure that all responses have a valid status code [\#35](https://github.com/networknt/light-graphql-4j/issues/35)
661 | 
662 | ## [1.5.10](https://github.com/networknt/light-graphql-4j/tree/1.5.10) (2018-03-02)
663 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.9...1.5.10)
664 | 
665 | **Closed issues:**
666 | 
667 | - add subject\_claims and access\_claims into auditInfo attachment [\#34](https://github.com/networknt/light-graphql-4j/issues/34)
668 | 
669 | ## [1.5.9](https://github.com/networknt/light-graphql-4j/tree/1.5.9) (2018-02-21)
670 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.8...1.5.9)
671 | 
672 | **Closed issues:**
673 | 
674 | - enable travis ci work with master branch only [\#33](https://github.com/networknt/light-graphql-4j/issues/33)
675 | - return header conent-type with application/json for post handler [\#32](https://github.com/networknt/light-graphql-4j/issues/32)
676 | 
677 | ## [1.5.8](https://github.com/networknt/light-graphql-4j/tree/1.5.8) (2018-01-10)
678 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.7...1.5.8)
679 | 
680 | ## [1.5.7](https://github.com/networknt/light-graphql-4j/tree/1.5.7) (2018-01-09)
681 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.6...1.5.7)
682 | 
683 | **Closed issues:**
684 | 
685 | - GraphqlPostHandler does not return application json [\#28](https://github.com/networknt/light-graphql-4j/issues/28)
686 | - update README.md to link to document site [\#26](https://github.com/networknt/light-graphql-4j/issues/26)
687 | - clean up dependencies for all modules [\#25](https://github.com/networknt/light-graphql-4j/issues/25)
688 | - upgrade to graphql-java 6.0 with subscription [\#24](https://github.com/networknt/light-graphql-4j/issues/24)
689 | 
690 | ## [1.5.6](https://github.com/networknt/light-graphql-4j/tree/1.5.6) (2017-12-28)
691 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.4...1.5.6)
692 | 
693 | **Closed issues:**
694 | 
695 | - Update default security.yml in graphql-security [\#23](https://github.com/networknt/light-graphql-4j/issues/23)
696 | - Maven build warnings [\#22](https://github.com/networknt/light-graphql-4j/issues/22)
697 | 
698 | ## [1.5.4](https://github.com/networknt/light-graphql-4j/tree/1.5.4) (2017-11-21)
699 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.3...1.5.4)
700 | 
701 | **Closed issues:**
702 | 
703 | - Load schema provider from service module instead of Java service provider [\#21](https://github.com/networknt/light-graphql-4j/issues/21)
704 | 
705 | ## [1.5.3](https://github.com/networknt/light-graphql-4j/tree/1.5.3) (2017-11-20)
706 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.2...1.5.3)
707 | 
708 | ## [1.5.2](https://github.com/networknt/light-graphql-4j/tree/1.5.2) (2017-11-20)
709 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.1...1.5.2)
710 | 
711 | ## [1.5.1](https://github.com/networknt/light-graphql-4j/tree/1.5.1) (2017-11-09)
712 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.5.0...1.5.1)
713 | 
714 | ## [1.5.0](https://github.com/networknt/light-graphql-4j/tree/1.5.0) (2017-10-21)
715 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.4.6...1.5.0)
716 | 
717 | **Closed issues:**
718 | 
719 | - Upgrade dependencies and add maven-version [\#20](https://github.com/networknt/light-graphql-4j/issues/20)
720 | 
721 | ## [1.4.6](https://github.com/networknt/light-graphql-4j/tree/1.4.6) (2017-09-24)
722 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.4.4...1.4.6)
723 | 
724 | ## [1.4.4](https://github.com/networknt/light-graphql-4j/tree/1.4.4) (2017-09-21)
725 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.4.3...1.4.4)
726 | 
727 | ## [1.4.3](https://github.com/networknt/light-graphql-4j/tree/1.4.3) (2017-09-10)
728 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.4.2...1.4.3)
729 | 
730 | ## [1.4.2](https://github.com/networknt/light-graphql-4j/tree/1.4.2) (2017-08-31)
731 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.4.1...1.4.2)
732 | 
733 | ## [1.4.1](https://github.com/networknt/light-graphql-4j/tree/1.4.1) (2017-08-30)
734 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.4.0...1.4.1)
735 | 
736 | **Closed issues:**
737 | 
738 | - Upgrade Undertow and Jackson to the newer version [\#19](https://github.com/networknt/light-graphql-4j/issues/19)
739 | 
740 | ## [1.4.0](https://github.com/networknt/light-graphql-4j/tree/1.4.0) (2017-08-22)
741 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.3.5...1.4.0)
742 | 
743 | **Closed issues:**
744 | 
745 | - Replace Client with Http2Client in test cases and remove dependency of apache httpclient [\#18](https://github.com/networknt/light-graphql-4j/issues/18)
746 | - Upgrade to Undertow 1.4.18.Final and remove JsonPath from pom.xml [\#17](https://github.com/networknt/light-graphql-4j/issues/17)
747 | 
748 | ## [1.3.5](https://github.com/networknt/light-graphql-4j/tree/1.3.5) (2017-08-01)
749 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.3.4...1.3.5)
750 | 
751 | ## [1.3.4](https://github.com/networknt/light-graphql-4j/tree/1.3.4) (2017-07-08)
752 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.3.3...1.3.4)
753 | 
754 | ## [1.3.3](https://github.com/networknt/light-graphql-4j/tree/1.3.3) (2017-06-14)
755 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.3.2...1.3.3)
756 | 
757 | ## [1.3.2](https://github.com/networknt/light-graphql-4j/tree/1.3.2) (2017-06-14)
758 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.3.1...1.3.2)
759 | 
760 | **Closed issues:**
761 | 
762 | - Update security handler to populate AuditInfo exchange attachment for Audit and Metrics [\#16](https://github.com/networknt/light-graphql-4j/issues/16)
763 | - graphql-security should populate auditInfo in order to make metrics work. [\#15](https://github.com/networknt/light-graphql-4j/issues/15)
764 | 
765 | ## [1.3.1](https://github.com/networknt/light-graphql-4j/tree/1.3.1) (2017-06-03)
766 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.3.0...1.3.1)
767 | 
768 | **Closed issues:**
769 | 
770 | - Upgrade to graphql-java 3.0.0 with IDL support in ligh-codegen [\#14](https://github.com/networknt/light-graphql-4j/issues/14)
771 | 
772 | ## [1.3.0](https://github.com/networknt/light-graphql-4j/tree/1.3.0) (2017-05-06)
773 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.2.8...1.3.0)
774 | 
775 | **Closed issues:**
776 | 
777 | - Change the project name to light-graphql-4j as java is Oracle trademark [\#13](https://github.com/networknt/light-graphql-4j/issues/13)
778 | 
779 | ## [1.2.8](https://github.com/networknt/light-graphql-4j/tree/1.2.8) (2017-05-02)
780 | [Full Changelog](https://github.com/networknt/light-graphql-4j/compare/1.2.7...1.2.8)
781 | 
782 | **Closed issues:**
783 | 
784 | - upgrade dependencies to the latest version [\#12](https://github.com/networknt/light-graphql-4j/issues/12)
785 | 
786 | ## [1.2.7](https://github.com/networknt/light-graphql-4j/tree/1.2.7) (2017-03-28)
787 | **Fixed bugs:**
788 | 
789 | - Get AssertionError if arguments map is null [\#10](https://github.com/networknt/light-graphql-4j/issues/10)
790 | 
791 | **Closed issues:**
792 | 
793 | - Handle query parameter is missing [\#9](https://github.com/networknt/light-graphql-4j/issues/9)
794 | - Support variables, operationName and pass exchange as context [\#8](https://github.com/networknt/light-graphql-4j/issues/8)
795 | - GraphiQL IntrospectionQuery is not rendered correctly [\#7](https://github.com/networknt/light-graphql-4j/issues/7)
796 | - Implement GraphiQL in get handler [\#6](https://github.com/networknt/light-graphql-4j/issues/6)
797 | - Add SchemaProvider interface so that the handlers can load schema with SPI. [\#5](https://github.com/networknt/light-graphql-4j/issues/5)
798 | - Implement graphql-common to share the configuration and static utility with simple dependencies [\#4](https://github.com/networknt/light-graphql-4j/issues/4)
799 | - Implement GraphQL validator [\#3](https://github.com/networknt/light-graphql-4j/issues/3)
800 | - Implement graphql-router [\#2](https://github.com/networknt/light-graphql-4j/issues/2)
801 | - Implement JWT token verification for GraphQL endpoint [\#1](https://github.com/networknt/light-graphql-4j/issues/1)
802 | 
803 | 
804 | 
805 | \* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
806 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 |                                  Apache License
  2 |                            Version 2.0, January 2004
  3 |                         http://www.apache.org/licenses/
  4 | 
  5 |    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
  6 | 
  7 |    1. Definitions.
  8 | 
  9 |       "License" shall mean the terms and conditions for use, reproduction,
 10 |       and distribution as defined by Sections 1 through 9 of this document.
 11 | 
 12 |       "Licensor" shall mean the copyright owner or entity authorized by
 13 |       the copyright owner that is granting the License.
 14 | 
 15 |       "Legal Entity" shall mean the union of the acting entity and all
 16 |       other entities that control, are controlled by, or are under common
 17 |       control with that entity. For the purposes of this definition,
 18 |       "control" means (i) the power, direct or indirect, to cause the
 19 |       direction or management of such entity, whether by contract or
 20 |       otherwise, or (ii) ownership of fifty percent (50%) or more of the
 21 |       outstanding shares, or (iii) beneficial ownership of such entity.
 22 | 
 23 |       "You" (or "Your") shall mean an individual or Legal Entity
 24 |       exercising permissions granted by this License.
 25 | 
 26 |       "Source" form shall mean the preferred form for making modifications,
 27 |       including but not limited to software source code, documentation
 28 |       source, and configuration files.
 29 | 
 30 |       "Object" form shall mean any form resulting from mechanical
 31 |       transformation or translation of a Source form, including but
 32 |       not limited to compiled object code, generated documentation,
 33 |       and conversions to other media types.
 34 | 
 35 |       "Work" shall mean the work of authorship, whether in Source or
 36 |       Object form, made available under the License, as indicated by a
 37 |       copyright notice that is included in or attached to the work
 38 |       (an example is provided in the Appendix below).
 39 | 
 40 |       "Derivative Works" shall mean any work, whether in Source or Object
 41 |       form, that is based on (or derived from) the Work and for which the
 42 |       editorial revisions, annotations, elaborations, or other modifications
 43 |       represent, as a whole, an original work of authorship. For the purposes
 44 |       of this License, Derivative Works shall not include works that remain
 45 |       separable from, or merely link (or bind by name) to the interfaces of,
 46 |       the Work and Derivative Works thereof.
 47 | 
 48 |       "Contribution" shall mean any work of authorship, including
 49 |       the original version of the Work and any modifications or additions
 50 |       to that Work or Derivative Works thereof, that is intentionally
 51 |       submitted to Licensor for inclusion in the Work by the copyright owner
 52 |       or by an individual or Legal Entity authorized to submit on behalf of
 53 |       the copyright owner. For the purposes of this definition, "submitted"
 54 |       means any form of electronic, verbal, or written communication sent
 55 |       to the Licensor or its representatives, including but not limited to
 56 |       communication on electronic mailing lists, source code control systems,
 57 |       and issue tracking systems that are managed by, or on behalf of, the
 58 |       Licensor for the purpose of discussing and improving the Work, but
 59 |       excluding communication that is conspicuously marked or otherwise
 60 |       designated in writing by the copyright owner as "Not a Contribution."
 61 | 
 62 |       "Contributor" shall mean Licensor and any individual or Legal Entity
 63 |       on behalf of whom a Contribution has been received by Licensor and
 64 |       subsequently incorporated within the Work.
 65 | 
 66 |    2. Grant of Copyright License. Subject to the terms and conditions of
 67 |       this License, each Contributor hereby grants to You a perpetual,
 68 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 69 |       copyright license to reproduce, prepare Derivative Works of,
 70 |       publicly display, publicly perform, sublicense, and distribute the
 71 |       Work and such Derivative Works in Source or Object form.
 72 | 
 73 |    3. Grant of Patent License. Subject to the terms and conditions of
 74 |       this License, each Contributor hereby grants to You a perpetual,
 75 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 76 |       (except as stated in this section) patent license to make, have made,
 77 |       use, offer to sell, sell, import, and otherwise transfer the Work,
 78 |       where such license applies only to those patent claims licensable
 79 |       by such Contributor that are necessarily infringed by their
 80 |       Contribution(s) alone or by combination of their Contribution(s)
 81 |       with the Work to which such Contribution(s) was submitted. If You
 82 |       institute patent litigation against any entity (including a
 83 |       cross-claim or counterclaim in a lawsuit) alleging that the Work
 84 |       or a Contribution incorporated within the Work constitutes direct
 85 |       or contributory patent infringement, then any patent licenses
 86 |       granted to You under this License for that Work shall terminate
 87 |       as of the date such litigation is filed.
 88 | 
 89 |    4. Redistribution. You may reproduce and distribute copies of the
 90 |       Work or Derivative Works thereof in any medium, with or without
 91 |       modifications, and in Source or Object form, provided that You
 92 |       meet the following conditions:
 93 | 
 94 |       (a) You must give any other recipients of the Work or
 95 |           Derivative Works a copy of this License; and
 96 | 
 97 |       (b) You must cause any modified files to carry prominent notices
 98 |           stating that You changed the files; and
 99 | 
100 |       (c) You must retain, in the Source form of any Derivative Works
101 |           that You distribute, all copyright, patent, trademark, and
102 |           attribution notices from the Source form of the Work,
103 |           excluding those notices that do not pertain to any part of
104 |           the Derivative Works; and
105 | 
106 |       (d) If the Work includes a "NOTICE" text file as part of its
107 |           distribution, then any Derivative Works that You distribute must
108 |           include a readable copy of the attribution notices contained
109 |           within such NOTICE file, excluding those notices that do not
110 |           pertain to any part of the Derivative Works, in at least one
111 |           of the following places: within a NOTICE text file distributed
112 |           as part of the Derivative Works; within the Source form or
113 |           documentation, if provided along with the Derivative Works; or,
114 |           within a display generated by the Derivative Works, if and
115 |           wherever such third-party notices normally appear. The contents
116 |           of the NOTICE file are for informational purposes only and
117 |           do not modify the License. You may add Your own attribution
118 |           notices within Derivative Works that You distribute, alongside
119 |           or as an addendum to the NOTICE text from the Work, provided
120 |           that such additional attribution notices cannot be construed
121 |           as modifying the License.
122 | 
123 |       You may add Your own copyright statement to Your modifications and
124 |       may provide additional or different license terms and conditions
125 |       for use, reproduction, or distribution of Your modifications, or
126 |       for any such Derivative Works as a whole, provided Your use,
127 |       reproduction, and distribution of the Work otherwise complies with
128 |       the conditions stated in this License.
129 | 
130 |    5. Submission of Contributions. Unless You explicitly state otherwise,
131 |       any Contribution intentionally submitted for inclusion in the Work
132 |       by You to the Licensor shall be under the terms and conditions of
133 |       this License, without any additional terms or conditions.
134 |       Notwithstanding the above, nothing herein shall supersede or modify
135 |       the terms of any separate license agreement you may have executed
136 |       with Licensor regarding such Contributions.
137 | 
138 |    6. Trademarks. This License does not grant permission to use the trade
139 |       names, trademarks, service marks, or product names of the Licensor,
140 |       except as required for reasonable and customary use in describing the
141 |       origin of the Work and reproducing the content of the NOTICE file.
142 | 
143 |    7. Disclaimer of Warranty. Unless required by applicable law or
144 |       agreed to in writing, Licensor provides the Work (and each
145 |       Contributor provides its Contributions) on an "AS IS" BASIS,
146 |       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 |       implied, including, without limitation, any warranties or conditions
148 |       of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 |       PARTICULAR PURPOSE. You are solely responsible for determining the
150 |       appropriateness of using or redistributing the Work and assume any
151 |       risks associated with Your exercise of permissions under this License.
152 | 
153 |    8. Limitation of Liability. In no event and under no legal theory,
154 |       whether in tort (including negligence), contract, or otherwise,
155 |       unless required by applicable law (such as deliberate and grossly
156 |       negligent acts) or agreed to in writing, shall any Contributor be
157 |       liable to You for damages, including any direct, indirect, special,
158 |       incidental, or consequential damages of any character arising as a
159 |       result of this License or out of the use or inability to use the
160 |       Work (including but not limited to damages for loss of goodwill,
161 |       work stoppage, computer failure or malfunction, or any and all
162 |       other commercial damages or losses), even if such Contributor
163 |       has been advised of the possibility of such damages.
164 | 
165 |    9. Accepting Warranty or Additional Liability. While redistributing
166 |       the Work or Derivative Works thereof, You may choose to offer,
167 |       and charge a fee for, acceptance of support, warranty, indemnity,
168 |       or other liability obligations and/or rights consistent with this
169 |       License. However, in accepting such obligations, You may act only
170 |       on Your own behalf and on Your sole responsibility, not on behalf
171 |       of any other Contributor, and only if You agree to indemnify,
172 |       defend, and hold each Contributor harmless for any liability
173 |       incurred by, or claims asserted against, such Contributor by reason
174 |       of your accepting any such warranty or additional liability.
175 | 
176 |    END OF TERMS AND CONDITIONS
177 | 
178 |    APPENDIX: How to apply the Apache License to your work.
179 | 
180 |       To apply the Apache License to your work, attach the following
181 |       boilerplate notice, with the fields enclosed by brackets "{}"
182 |       replaced with your own identifying information. (Don't include
183 |       the brackets!)  The text should be enclosed in the appropriate
184 |       comment syntax for the file format. We also recommend that a
185 |       file or class name and description of purpose be included on the
186 |       same "printed page" as the copyright notice for easier
187 |       identification within third-party archives.
188 | 
189 |    Copyright {yyyy} {name of copyright owner}
190 | 
191 |    Licensed under the Apache License, Version 2.0 (the "License");
192 |    you may not use this file except in compliance with the License.
193 |    You may obtain a copy of the License at
194 | 
195 |        http://www.apache.org/licenses/LICENSE-2.0
196 | 
197 |    Unless required by applicable law or agreed to in writing, software
198 |    distributed under the License is distributed on an "AS IS" BASIS,
199 |    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 |    See the License for the specific language governing permissions and
201 |    limitations under the License.
202 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | GraphQL framework based on light-4j
 2 | 
 3 | [Stack Overflow](https://stackoverflow.com/questions/tagged/light-4j) |
 4 | [Google Group](https://groups.google.com/forum/#!forum/light-4j) |
 5 | [Gitter Chat](https://gitter.im/networknt/light-graphql-4j) |
 6 | [Subreddit](https://www.reddit.com/r/lightapi/) |
 7 | [Youtube Channel](https://www.youtube.com/channel/UCHCRMWJVXw8iB7zKxF55Byw) |
 8 | [Documentation](https://doc.networknt.com/style/light-graphql-4j/) |
 9 | [Contribution Guide](https://doc.networknt.com/contribute/) |
10 | 
11 | [![Build Status](https://travis-ci.org/networknt/light-graphql-4j.svg?branch=master)](https://travis-ci.org/networknt/light-graphql-4j)
12 | 
13 | ## Components
14 | 
15 | ### graphql-common
16 | This module controls the configuration for GraphQL service and share some static variables
17 | with other modules to make the dependencies much simpler.
18 | 
19 | ### graphql-router
20 | This module provides RouteHandler and SchemaProvider interfaces and implement both GET and
21 | POST handlers for GraphQL.
22 | 
23 | ## Middleware Handlers:
24 | 
25 | ### graphql-security
26 | This is the handler that should be put before graphql-validator. There is no need to
27 | do any validation if JWT token does not exist in the request header.
28 | 
29 | ### graphql-validator
30 | Basic request validation for the graphql path and methods. It is the first line of
31 | validation right after graphql-security and it doesn't have any knowledge about the
32 | graphql query parameter and body.
33 | 
34 | ## Tutorial
35 | 
36 | ### [Hello World](https://doc.networknt.com/tutorial/graphql/helloworld/)
37 | 
38 | This is a very simple Hello World query to show you how to get GraphQL up and running with
39 | light-codegen without using GraphQL IDL.
40 | 
41 | ### [Star Wars](https://doc.networknt.com/tutorial/graphql/starwars/)
42 | 
43 | This is a similar example as Hello World with IDL to trigger the generation. It is utilize the
44 | star wars GraphQL IDL downloaded from the Internet.
45 | 
46 | ### [Mutation](https://doc.networknt.com/tutorial/graphql/mutation/)
47 | 
48 | This example shows you how to create a full blown GraphQL service with both query and mutation.
49 | 
50 | ### [Mutation IDL](https://doc.networknt.com/tutorial/graphql/mutation-idl/)
51 | 
52 | This is the same example like the mutation but is generated from a schema.
53 | 
54 | ### [Relay Todo](https://doc.networknt.com/tutorial/graphql/relay-todo/)
55 | 
56 | This is to show you how to build a GraphQL service that is working with Relayjs.
57 | 


--------------------------------------------------------------------------------
/graphql-common/pom.xml:
--------------------------------------------------------------------------------
 1 | <!--
 2 |   ~ Copyright (c) 2016 Network New Technologies Inc.
 3 |   ~
 4 |   ~ Licensed under the Apache License, Version 2.0 (the "License");
 5 |   ~ You may not use this file except in compliance with the License.
 6 |   ~ You may obtain a copy of the License at
 7 |   ~
 8 |   ~      http://www.apache.org/licenses/LICENSE-2.0
 9 |   ~
10 |   ~ Unless required by applicable law or agreed to in writing, software
11 |   ~ distributed under the License is distributed on an "AS IS" BASIS,
12 |   ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 |   ~ See the License for the specific language governing permissions and
14 |   ~ limitations under the License.
15 |   -->
16 | 
17 | <project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
18 |          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
19 |     <modelVersion>4.0.0</modelVersion>
20 | 
21 |     <parent>
22 |         <groupId>com.networknt</groupId>
23 |         <artifactId>light-graphql-4j</artifactId>
24 |         <version>2.2.3-SNAPSHOT</version>
25 |         <relativePath>../pom.xml</relativePath>
26 |     </parent>
27 | 
28 |     <artifactId>graphql-common</artifactId>
29 |     <packaging>jar</packaging>
30 |     <name>graphql-common</name>
31 |     <description>A shared utility module for GraphQL</description>
32 | 
33 |     <dependencies>
34 |         <dependency>
35 |             <groupId>com.networknt</groupId>
36 |             <artifactId>config</artifactId>
37 |         </dependency>
38 |         <dependency>
39 |             <groupId>com.networknt</groupId>
40 |             <artifactId>service</artifactId>
41 |         </dependency>
42 |         <dependency>
43 |             <groupId>com.graphql-java</groupId>
44 |             <artifactId>graphql-java</artifactId>
45 |         </dependency>
46 |         <dependency>
47 |             <groupId>io.undertow</groupId>
48 |             <artifactId>undertow-core</artifactId>
49 |         </dependency>
50 |         <dependency>
51 |             <groupId>org.slf4j</groupId>
52 |             <artifactId>slf4j-api</artifactId>
53 |         </dependency>
54 | 
55 |         <dependency>
56 |             <groupId>ch.qos.logback</groupId>
57 |             <artifactId>logback-classic</artifactId>
58 |             <scope>test</scope>
59 |         </dependency>
60 |         <dependency>
61 |             <groupId>junit</groupId>
62 |             <artifactId>junit</artifactId>
63 |             <scope>test</scope>
64 |         </dependency>
65 |     </dependencies>
66 | 
67 | </project>
68 | 


--------------------------------------------------------------------------------
/graphql-common/src/main/java/com/networknt/graphql/common/GraphqlConfig.java:
--------------------------------------------------------------------------------
 1 | package com.networknt.graphql.common;
 2 | 
 3 | /**
 4 |  * Main configuration class for graphql framework that defines the path for
 5 |  * graphql endpoint and if GraphiQL is enabled or not.
 6 |  *
 7 |  * @author Steve Hu
 8 |  */
 9 | public class GraphqlConfig {
10 |     private String path;
11 |     private String subscriptionsPath;
12 |     private boolean enableGraphiQL;
13 | 
14 |     public GraphqlConfig() {
15 |     }
16 | 
17 |     public String getPath() {
18 |         return path;
19 |     }
20 | 
21 |     public void setPath(String path) {
22 |         this.path = path;
23 |     }
24 | 
25 |     public boolean isEnableGraphiQL() {
26 |         return enableGraphiQL;
27 |     }
28 | 
29 |     public void setEnableGraphiQL(boolean enableGraphiQL) {
30 |         this.enableGraphiQL = enableGraphiQL;
31 |     }
32 | 
33 |     public String getSubscriptionsPath() {
34 |         return subscriptionsPath;
35 |     }
36 | 
37 |     public void setSubscriptionsPath(String subscriptionsPath) {
38 |         this.subscriptionsPath = subscriptionsPath;
39 |     }
40 | }
41 | 


--------------------------------------------------------------------------------
/graphql-common/src/main/java/com/networknt/graphql/common/GraphqlConstants.java:
--------------------------------------------------------------------------------
 1 | package com.networknt.graphql.common;
 2 | 
 3 | public class GraphqlConstants {
 4 | 
 5 |     public static class GraphqlRouterConstants {
 6 |         public static final String GRAPHQL_WS_SUBPROTOCOL = "graphql-ws";
 7 | 
 8 |         public static final String GRAPHQL_RESPONSE_DATA_KEY = "data";
 9 |         public static final String GRAPHQL_RESPONSE_ERROR_KEY = "errors";
10 |         public static final String GRAPHQL_RESPONSE_PAYLOAD_KEY = "payload";
11 | 
12 |         public static final String GRAPHQL_REQUEST_QUERY_KEY = "query";
13 |         public static final String GRAPHQL_REQUEST_VARIABLES_KEY = "variables";
14 |         public static final String GRAPHQL_REQUEST_OP_NAME_KEY = "operationName";
15 |     }
16 | 
17 |     public static class GraphqlSubscriptionConstants {
18 |         public static final String GRAPHQL_REQ_TYPE_KEY = "type";
19 |         public static final String GRAPHQL_OP_ID_KEY = "id";
20 | 
21 |         // Taken from subscription-transport-ws@0.9.5
22 |         public static final String GQL_CONNECTION_INIT = "connection_init";
23 |         public static final String GQL_CONNECTION_ACK = "connection_ack";
24 |         public static final String GQL_CONNECTION_ERROR = "connection_error";
25 |         public static final String GQL_CONNECTION_KEEP_ALIVE = "ka";
26 |         public static final String GQL_CONNECTION_TERMINATE = "connection_terminate";
27 |         public static final String GQL_START = "start";
28 |         public static final String GQL_DATA = "data";
29 |         public static final String GQL_ERROR = "error";
30 |         public static final String GQL_COMPLETE = "complete";
31 |         public static final String GQL_STOP = "stop";
32 |         public static final String SUBSCRIPTION_START = "subscription_start";
33 |         public static final String SUBSCRIPTION_DATA = "subscription_data";
34 |         public static final String SUBSCRIPTION_SUCCESS = "subscription_success";
35 |         public static final String SUBSCRIPTION_FAIL = "subscription_fail";
36 |         public static final String SUBSCRIPTION_END = "subscription_end";
37 |         public static final String INIT = "init";
38 |         public static final String INIT_SUCCESS = "init_success";
39 |         public static final String INIT_FAIL = "init_fail";
40 |         public static final String KEEP_ALIVE = "keepalive";
41 |     }
42 | 
43 | }
44 | 


--------------------------------------------------------------------------------
/graphql-common/src/main/java/com/networknt/graphql/common/GraphqlUtil.java:
--------------------------------------------------------------------------------
 1 | package com.networknt.graphql.common;
 2 | 
 3 | import com.networknt.config.Config;
 4 | import io.undertow.util.AttachmentKey;
 5 | 
 6 | /**
 7 |  * A utility class that contains some static variables and static methods shared
 8 |  * by all other modules.
 9 |  *
10 |  * @author Steve Hu
11 |  */
12 | public class GraphqlUtil {
13 |     public static final String CONFIG_NAME = "graphql";
14 | 
15 |     public static final AttachmentKey<Object> GRAPHQL_PARAMS = AttachmentKey.create(Object.class);
16 | 
17 |     public static GraphqlConfig config = (GraphqlConfig) Config.getInstance().getJsonObjectConfig(CONFIG_NAME, GraphqlConfig.class);
18 | }
19 | 


--------------------------------------------------------------------------------
/graphql-common/src/main/java/com/networknt/graphql/common/InstrumentationLoader.java:
--------------------------------------------------------------------------------
 1 | package com.networknt.graphql.common;
 2 | 
 3 | import com.networknt.service.SingletonServiceFactory;
 4 | import graphql.execution.instrumentation.Instrumentation;
 5 | 
 6 | 
 7 | /**
 8 |  * @author Nicholas Azar
 9 |  * Created on April 09, 2018
10 |  */
11 | public class InstrumentationLoader {
12 | 
13 |     public static Instrumentation graphqlInstrumentation;
14 |     public static Instrumentation graphqlSubscriptionInstrumentation;
15 | 
16 |     static {
17 |         InstrumentationProvider instrumentationProvider = SingletonServiceFactory.getBean(InstrumentationProvider.class);
18 |         if (instrumentationProvider != null) {
19 |             graphqlInstrumentation = instrumentationProvider.getGraphqlInstrumentation();
20 |             graphqlSubscriptionInstrumentation = instrumentationProvider.getGraphqlSubscriptionInstrumentation();
21 |         }
22 |     }
23 | }
24 | 


--------------------------------------------------------------------------------
/graphql-common/src/main/java/com/networknt/graphql/common/InstrumentationProvider.java:
--------------------------------------------------------------------------------
 1 | package com.networknt.graphql.common;
 2 | 
 3 | 
 4 | import graphql.execution.instrumentation.Instrumentation;
 5 | 
 6 | /**
 7 |  * @author Nicholas Azar
 8 |  * Created on April 9, 2018
 9 |  */
10 | public interface InstrumentationProvider {
11 |     Instrumentation getGraphqlInstrumentation();
12 |     Instrumentation getGraphqlSubscriptionInstrumentation();
13 | }
14 | 


--------------------------------------------------------------------------------
/graphql-common/src/main/resources/config/graphql.yml:
--------------------------------------------------------------------------------
 1 | # GraphQL configuration
 2 | ---
 3 | # The path of GraphQL endpoint for both GET and POST
 4 | path: /graphql
 5 | 
 6 | # Enable GraphiQL for development environment only. It will allow you to test from your Browser.
 7 | enableGraphiQL: true
 8 | 
 9 | # Path to the websocket endpoint to handle subscription requests.
10 | subscriptionsPath: /subscriptions
11 | 


--------------------------------------------------------------------------------
/graphql-common/src/test/java/com/networknt/graphql/common/GraphqlUtilTest.java:
--------------------------------------------------------------------------------
 1 | package com.networknt.graphql.common;
 2 | 
 3 | import org.junit.Test;
 4 | 
 5 | /**
 6 |  * A unit test class for GraphqlUtil
 7 |  *
 8 |  * @author Steve Hu
 9 |  */
10 | public class GraphqlUtilTest {
11 |     @Test
12 |     public void TestVoid() {
13 | 
14 |     }
15 | }
16 | 


--------------------------------------------------------------------------------
/graphql-common/src/test/resources/logback-test.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <!--
 3 |   ~ Copyright (c) 2016 Network New Technologies Inc.
 4 |   ~
 5 |   ~ Licensed under the Apache License, Version 2.0 (the "License");
 6 |   ~ You may not use this file except in compliance with the License.
 7 |   ~ You may obtain a copy of the License at
 8 |   ~
 9 |   ~      http://www.apache.org/licenses/LICENSE-2.0
10 |   ~
11 |   ~ Unless required by applicable law or agreed to in writing, software
12 |   ~ distributed under the License is distributed on an "AS IS" BASIS,
13 |   ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 |   ~ See the License for the specific language governing permissions and
15 |   ~ limitations under the License.
16 |   -->
17 | 
18 | <configuration>
19 |     TODO create logger for audit only.
20 |     http://stackoverflow.com/questions/2488558/logback-to-log-different-messages-to-two-files
21 |     <turboFilter class="ch.qos.logback.classic.turbo.MarkerFilter">
22 |         <Marker>PROFILER</Marker>
23 |         <!--<OnMatch>DENY</OnMatch>-->
24 |         <OnMatch>NEUTRAL</OnMatch>
25 |     </turboFilter>
26 | 
27 |     <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
28 |     <!-- encoders are assigned the type
29 |          ch.qos.logback.classic.encoder.PatternLayoutEncoder by default -->
30 |         <encoder>
31 |             <pattern>%d{HH:mm:ss.SSS} [%thread] %-5marker %-5level %logger{36} - %msg%n</pattern>
32 |         </encoder>
33 |     </appender>
34 | 
35 |     <appender name="log" class="ch.qos.logback.core.FileAppender">
36 |         <File>target/test.log</File>
37 |         <Append>false</Append>
38 |         <layout class="ch.qos.logback.classic.PatternLayout">
39 |             <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %class{36}:%L %M - %msg%n</Pattern>
40 |         </layout>
41 |     </appender>
42 | 
43 |     <!--audit log-->
44 |     <appender name="audit" class="ch.qos.logback.core.rolling.RollingFileAppender">
45 |         <file>target/audit.log</file> <!-- logfile location -->
46 |         <encoder>
47 |             <pattern>%-5level [%thread] %date{ISO8601} %F:%L - %msg%n</pattern> <!-- the layout pattern used to format log entries -->
48 |             <immediateFlush>true</immediateFlush>
49 |         </encoder>
50 |         <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
51 |             <fileNamePattern>target/audit.log.%i.zip</fileNamePattern>
52 |             <minIndex>1</minIndex>
53 |             <maxIndex>5</maxIndex> <!-- max number of archived logs that are kept -->
54 |         </rollingPolicy>
55 |         <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
56 |             <maxFileSize>200MB</maxFileSize> <!-- The size of the logfile that triggers a switch to a new logfile, and the current one archived -->
57 |         </triggeringPolicy>
58 |     </appender>
59 | 
60 |     <root level="trace">
61 |         <appender-ref ref="stdout" />
62 |     </root>
63 | 
64 |     <logger name="com.networknt" level="trace">
65 |         <appender-ref ref="log"/>
66 |     </logger>
67 | 
68 |     <logger name="Audit" level="trace" additivity="false">
69 |         <appender-ref ref="audit"/>
70 |     </logger>
71 | 
72 | </configuration>
73 | 


--------------------------------------------------------------------------------
/graphql-router/pom.xml:
--------------------------------------------------------------------------------
  1 | <!--
  2 |   ~ Copyright (c) 2016 Network New Technologies Inc.
  3 |   ~
  4 |   ~ Licensed under the Apache License, Version 2.0 (the "License");
  5 |   ~ You may not use this file except in compliance with the License.
  6 |   ~ You may obtain a copy of the License at
  7 |   ~
  8 |   ~      http://www.apache.org/licenses/LICENSE-2.0
  9 |   ~
 10 |   ~ Unless required by applicable law or agreed to in writing, software
 11 |   ~ distributed under the License is distributed on an "AS IS" BASIS,
 12 |   ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13 |   ~ See the License for the specific language governing permissions and
 14 |   ~ limitations under the License.
 15 |   -->
 16 | 
 17 | <project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
 18 |          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 19 |     <modelVersion>4.0.0</modelVersion>
 20 | 
 21 |     <parent>
 22 |         <groupId>com.networknt</groupId>
 23 |         <artifactId>light-graphql-4j</artifactId>
 24 |         <version>2.2.3-SNAPSHOT</version>
 25 |         <relativePath>../pom.xml</relativePath>
 26 |     </parent>
 27 | 
 28 |     <artifactId>graphql-router</artifactId>
 29 |     <packaging>jar</packaging>
 30 |     <name>graphql-router</name>
 31 |     <description>A route handler for GraphQL endpoint</description>
 32 | 
 33 |     <dependencies>
 34 |         <dependency>
 35 |             <groupId>com.networknt</groupId>
 36 |             <artifactId>graphql-common</artifactId>
 37 |         </dependency>
 38 |         <dependency>
 39 |             <groupId>com.networknt</groupId>
 40 |             <artifactId>config</artifactId>
 41 |         </dependency>
 42 |         <dependency>
 43 |             <groupId>com.networknt</groupId>
 44 |             <artifactId>server</artifactId>
 45 |         </dependency>
 46 |         <dependency>
 47 |             <groupId>com.networknt</groupId>
 48 |             <artifactId>handler</artifactId>
 49 |         </dependency>
 50 |         <dependency>
 51 |             <groupId>com.networknt</groupId>
 52 |             <artifactId>info</artifactId>
 53 |         </dependency>
 54 |         <dependency>
 55 |             <groupId>com.networknt</groupId>
 56 |             <artifactId>service</artifactId>
 57 |         </dependency>
 58 |         <dependency>
 59 |             <groupId>com.networknt</groupId>
 60 |             <artifactId>utility</artifactId>
 61 |         </dependency>
 62 |         <dependency>
 63 |             <groupId>com.networknt</groupId>
 64 |             <artifactId>status</artifactId>
 65 |         </dependency>
 66 |         <dependency>
 67 |             <groupId>io.undertow</groupId>
 68 |             <artifactId>undertow-core</artifactId>
 69 |         </dependency>
 70 |         <dependency>
 71 |             <groupId>com.fasterxml.jackson.core</groupId>
 72 |             <artifactId>jackson-databind</artifactId>
 73 |         </dependency>
 74 |         <dependency>
 75 |             <groupId>org.slf4j</groupId>
 76 |             <artifactId>slf4j-api</artifactId>
 77 |         </dependency>
 78 |         <dependency>
 79 |             <groupId>com.graphql-java</groupId>
 80 |             <artifactId>graphql-java</artifactId>
 81 |         </dependency>
 82 | 
 83 |         <dependency>
 84 |             <groupId>ch.qos.logback</groupId>
 85 |             <artifactId>logback-classic</artifactId>
 86 |             <scope>test</scope>
 87 |         </dependency>
 88 |         <dependency>
 89 |             <groupId>junit</groupId>
 90 |             <artifactId>junit</artifactId>
 91 |             <scope>test</scope>
 92 |         </dependency>
 93 |     </dependencies>
 94 | 
 95 |     <!--<build>-->
 96 |         <!--<plugins>-->
 97 |             <!--<plugin>-->
 98 |                 <!--<artifactId>maven-resources-plugin</artifactId>-->
 99 |                 <!--<version>3.0.2</version>-->
100 |                 <!--<executions>-->
101 |                     <!--<execution>-->
102 |                         <!--<id>copy-resources</id>-->
103 |                         <!--&lt;!&ndash; here the phase you need &ndash;&gt;-->
104 |                         <!--<phase>validate</phase>-->
105 |                         <!--<goals>-->
106 |                             <!--<goal>copy-resources</goal>-->
107 |                         <!--</goals>-->
108 |                         <!--<configuration>-->
109 |                             <!--<outputDirectory>${basedir}/target/extra-resources</outputDirectory>-->
110 |                             <!--<resources>-->
111 |                                 <!--<resource>-->
112 |                                     <!--<directory>src/non-packaged-resources</directory>-->
113 |                                     <!--<filtering>true</filtering>-->
114 |                                 <!--</resource>-->
115 |                             <!--</resources>-->
116 |                         <!--</configuration>-->
117 |                     <!--</execution>-->
118 |                 <!--</executions>-->
119 |             <!--</plugin>-->
120 |         <!--</plugins>-->
121 |     <!--</build>-->
122 | 
123 | </project>
124 | 


--------------------------------------------------------------------------------
/graphql-router/src/main/java/com/networknt/graphql/router/ExecutionStrategyProvider.java:
--------------------------------------------------------------------------------
 1 | package com.networknt.graphql.router;
 2 | 
 3 | import graphql.execution.ExecutionStrategy;
 4 | 
 5 | /**
 6 |  * ExecutionStrategyProvider interface that is used to inject execution strategy
 7 |  * implementations into the framework. The service module will pass these on to
 8 |  * the graphql-java framework.
 9 |  *
10 |  * @author Logi Ragnarsson
11 |  */
12 | public interface ExecutionStrategyProvider {
13 | 
14 |     /**
15 |      * Return an execution strategy to use for queries or null to use the default.
16 |      * @return ExecutionStrategy a query execution strategy
17 |      */
18 |     ExecutionStrategy getQueryExecutionStrategy();
19 | 
20 |     /**
21 |      * Return an execution strategy to use for mutations or null to use the default.
22 |      * @return ExecutionStrategy a mutation execution strategy
23 |      */
24 |     ExecutionStrategy getMutationExecutionStrategy();
25 | 
26 |     /**
27 |      * Return an execution strategy to use for subscriptions or null to use the default.
28 |      * @return ExecutionStrategy a subscription execution strategy
29 |      */
30 |     ExecutionStrategy getSubscriptionExecutionStrategy();
31 | }
32 | 


--------------------------------------------------------------------------------
/graphql-router/src/main/java/com/networknt/graphql/router/GraphqlCustomHandler.java:
--------------------------------------------------------------------------------
1 | package com.networknt.graphql.router;
2 | 
3 | import graphql.ExecutionResult;
4 | import io.undertow.server.HttpServerExchange;
5 | 
6 | public interface GraphqlCustomHandler {
7 |     void handleResponse(HttpServerExchange exchange, ExecutionResult result);
8 | }
9 | 


--------------------------------------------------------------------------------
/graphql-router/src/main/java/com/networknt/graphql/router/GraphqlEndpointSource.java:
--------------------------------------------------------------------------------
 1 | package com.networknt.graphql.router;
 2 | 
 3 | import com.networknt.graphql.common.GraphqlUtil;
 4 | import com.networknt.handler.config.EndpointSource;
 5 | import org.slf4j.Logger;
 6 | import org.slf4j.LoggerFactory;
 7 | 
 8 | import java.util.Arrays;
 9 | 
10 | /**
11 |  * Lists standard GraphQl endpoints at /graphql (or as reconfigured in Graphql.config)
12 |  */
13 | public class GraphqlEndpointSource implements EndpointSource {
14 | 
15 |     private static final Logger log = LoggerFactory.getLogger(GraphqlEndpointSource.class);
16 | 
17 |     @Override
18 |     public Iterable<Endpoint> listEndpoints() {
19 |         String graphqlPath = GraphqlUtil.config.getPath();
20 |         if(log.isInfoEnabled()) log.info("Generating " + graphqlPath + " from graphql.yml");
21 |         return Arrays.asList(
22 |             new Endpoint(graphqlPath, "GET"),
23 |             new Endpoint(graphqlPath, "POST"),
24 |             new Endpoint(graphqlPath, "OPTIONS")
25 |             // The subscriptions websocket endpoint does not need to be listed
26 |         );
27 |     }
28 | }
29 | 


--------------------------------------------------------------------------------
/graphql-router/src/main/java/com/networknt/graphql/router/GraphqlRouter.java:
--------------------------------------------------------------------------------
 1 | package com.networknt.graphql.router;
 2 | 
 3 | import com.networknt.graphql.common.GraphqlUtil;
 4 | import com.networknt.graphql.router.handlers.GraphqlPathHandler;
 5 | import com.networknt.graphql.router.handlers.GraphqlSubscriptionHandler;
 6 | import com.networknt.handler.HandlerProvider;
 7 | import io.undertow.server.HttpHandler;
 8 | import io.undertow.websockets.WebSocketConnectionCallback;
 9 | import io.undertow.websockets.WebSocketProtocolHandshakeHandler;
10 | import io.undertow.websockets.core.protocol.Handshake;
11 | import io.undertow.websockets.core.protocol.version07.Hybi07Handshake;
12 | import io.undertow.websockets.core.protocol.version08.Hybi08Handshake;
13 | import io.undertow.websockets.core.protocol.version13.Hybi13Handshake;
14 | import io.undertow.websockets.extensions.ExtensionHandshake;
15 | import io.undertow.websockets.extensions.PerMessageDeflateHandshake;
16 | 
17 | import java.util.HashSet;
18 | import java.util.Set;
19 | 
20 | import static com.networknt.graphql.common.GraphqlConstants.GraphqlRouterConstants;
21 | import static io.undertow.Handlers.path;
22 | 
23 | /**
24 |  * Router of the graphql request to map different handlers.
25 |  *
26 |  * @author Steve Hu
27 |  */
28 | public class GraphqlRouter implements HandlerProvider {
29 | 
30 | 
31 |     @Override
32 |     public HttpHandler getHandler() {
33 |         ExtensionHandshake extensionHandshake = new PerMessageDeflateHandshake();
34 | 
35 |         WebSocketConnectionCallback webSocketConnectionCallback = new GraphqlSubscriptionHandler();
36 |         HttpHandler websocketHttpHandler = new WebSocketProtocolHandshakeHandler(buildHandshakeset(),
37 |                 webSocketConnectionCallback).addExtension(extensionHandshake);
38 | 
39 |         return path()
40 |                 .addPrefixPath(GraphqlUtil.config.getPath(), new GraphqlPathHandler())
41 |                 .addPrefixPath(GraphqlUtil.config.getSubscriptionsPath(), websocketHttpHandler);
42 |     }
43 | 
44 |     /**
45 |      * For meeting specification of the general websocket protocol, we are required to supply the supported subprotocols
46 |      * when requested.
47 |      * @return
48 |      */
49 |     private Set<Handshake> buildHandshakeset() {
50 |         Set<Handshake> handshakeSet = new HashSet<>();
51 |         Set<String> subprotocols = new HashSet<>();
52 |         subprotocols.add(GraphqlRouterConstants.GRAPHQL_WS_SUBPROTOCOL);
53 |         handshakeSet.add(new Hybi13Handshake(subprotocols, true));
54 |         handshakeSet.add(new Hybi07Handshake(subprotocols, true));
55 |         handshakeSet.add(new Hybi08Handshake(subprotocols, true));
56 |         return handshakeSet;
57 |     }
58 | }
59 | 


--------------------------------------------------------------------------------
/graphql-router/src/main/java/com/networknt/graphql/router/RenderGraphiQL.java:
--------------------------------------------------------------------------------
 1 | package com.networknt.graphql.router;
 2 | 
 3 | import com.networknt.config.Config;
 4 | import com.networknt.utility.Util;
 5 | 
 6 | import java.util.HashMap;
 7 | import java.util.Map;
 8 | 
 9 | import static com.networknt.graphql.common.GraphqlConstants.GraphqlRouterConstants.GRAPHQL_REQUEST_OP_NAME_KEY;
10 | import static com.networknt.graphql.common.GraphqlConstants.GraphqlRouterConstants.GRAPHQL_REQUEST_QUERY_KEY;
11 | import static com.networknt.graphql.common.GraphqlConstants.GraphqlRouterConstants.GRAPHQL_REQUEST_VARIABLES_KEY;
12 | 
13 | /**
14 |  * GraphiQL implementation
15 |  *
16 |  * @author Steve Hu
17 |  */
18 | public class RenderGraphiQL {
19 | 
20 |     public static String render(Map<String, Object> parameters, String result) {
21 |         Map<String, String> variables = new HashMap<>();
22 |         Config config = Config.getInstance();
23 |         String graphiqlTemplate = config.getStringFromFile("graphiql.html");
24 |         String graphiqlSubscriptionsFetcher = config.getStringFromFile("graphiql-subscriptions-fetcher.js");
25 |         variables.put("GRAPHIQL_SUBSCRIPTION_FETCHER", graphiqlSubscriptionsFetcher);
26 | 
27 |         variables.put("queryString", (String)parameters.get(GRAPHQL_REQUEST_QUERY_KEY));
28 |         variables.put("resultString", result);
29 |         variables.put("variablesString", (String)parameters.get(GRAPHQL_REQUEST_VARIABLES_KEY));
30 |         variables.put("operationName", (String)parameters.get(GRAPHQL_REQUEST_OP_NAME_KEY));
31 |         return Util.substituteVariables(graphiqlTemplate, variables);
32 |     }
33 | }
34 | 


--------------------------------------------------------------------------------
/graphql-router/src/main/java/com/networknt/graphql/router/SchemaProvider.java:
--------------------------------------------------------------------------------
 1 | package com.networknt.graphql.router;
 2 | 
 3 | import graphql.schema.GraphQLSchema;
 4 | 
 5 | /**
 6 |  * SchemaProvider interface that is used to inject schema implementation to the
 7 |  * framework. The service module is responsible to inject implementation for each
 8 |  * application.
 9 |  *
10 |  * @author Steve Hu
11 |  */
12 | public interface SchemaProvider {
13 |     GraphQLSchema getSchema();
14 | }
15 | 


--------------------------------------------------------------------------------
/graphql-router/src/main/java/com/networknt/graphql/router/handlers/GraphqlGetHandler.java:
--------------------------------------------------------------------------------
 1 | package com.networknt.graphql.router.handlers;
 2 | 
 3 | import com.networknt.graphql.common.GraphqlUtil;
 4 | import com.networknt.graphql.router.RenderGraphiQL;
 5 | import io.undertow.server.HttpHandler;
 6 | import io.undertow.server.HttpServerExchange;
 7 | import io.undertow.util.Headers;
 8 | import io.undertow.util.StatusCodes;
 9 | import org.slf4j.Logger;
10 | import org.slf4j.LoggerFactory;
11 | 
12 | import java.util.Map;
13 | 
14 | /**
15 |  * This is the handler to handle graphql get request.
16 |  *
17 |  * @author Steve Hu
18 |  */
19 | public class GraphqlGetHandler implements HttpHandler {
20 | 
21 |     private static final Logger logger = LoggerFactory.getLogger(GraphqlGetHandler.class);
22 | 
23 |     @Override
24 |     public void handleRequest(HttpServerExchange exchange) {
25 |         @SuppressWarnings("unchecked")
26 |         Map<String, Object> requestParameters = (Map<String, Object>)exchange.getAttachment(GraphqlUtil.GRAPHQL_PARAMS);
27 |         if(logger.isDebugEnabled()) logger.debug("requestParameters: " + requestParameters);
28 |         String graphiql = RenderGraphiQL.render(requestParameters, null);
29 |         exchange.getResponseHeaders().put(Headers.CONTENT_TYPE, "text/html; charset=UTF-8");
30 |         exchange.setStatusCode(StatusCodes.OK);
31 |         exchange.getResponseSender().send(graphiql);
32 |     }
33 | }
34 | 


--------------------------------------------------------------------------------
/graphql-router/src/main/java/com/networknt/graphql/router/handlers/GraphqlOptionsHandler.java:
--------------------------------------------------------------------------------
 1 | package com.networknt.graphql.router.handlers;
 2 | 
 3 | import com.fasterxml.jackson.core.JsonProcessingException;
 4 | import com.networknt.config.Config;
 5 | import com.networknt.graphql.common.GraphqlConstants;
 6 | import com.networknt.graphql.common.GraphqlUtil;
 7 | import com.networknt.graphql.router.SchemaProvider;
 8 | import com.networknt.service.SingletonServiceFactory;
 9 | import graphql.ExecutionInput;
10 | import graphql.ExecutionResult;
11 | import graphql.GraphQL;
12 | import graphql.introspection.IntrospectionQuery;
13 | import graphql.schema.GraphQLSchema;
14 | import io.undertow.server.HttpHandler;
15 | import io.undertow.server.HttpServerExchange;
16 | import io.undertow.util.StatusCodes;
17 | import org.slf4j.Logger;
18 | import org.slf4j.LoggerFactory;
19 | 
20 | import java.util.HashMap;
21 | import java.util.Map;
22 | 
23 | /**
24 |  * Handle introspection queries issued using the http OPTIONS request method.
25 |  *
26 |  * @author Nicholas Azar
27 |  */
28 | public class GraphqlOptionsHandler implements HttpHandler {
29 | 
30 |     private static final Logger logger = LoggerFactory.getLogger(GraphqlOptionsHandler.class);
31 |     static GraphQLSchema schema = null;
32 | 
33 |     static {
34 |         // load GraphQL Schema with service loader. It should be defined in service.yml
35 |         SchemaProvider schemaProvider = SingletonServiceFactory.getBean(SchemaProvider.class);
36 |         if(schemaProvider != null) {
37 |             schema = schemaProvider.getSchema();
38 |         }
39 |         if (schema == null) {
40 |             logger.error("Unable to load GraphQL schema - no SchemaProvider implementation in service.yml");
41 |             throw new RuntimeException("Unable to load GraphQL schema - no SchemaProvider implementation in service.yml");
42 |         }
43 |     }
44 | 
45 |     /**
46 |      * For introspection queries, we execute the built in query supplied in graphql-java without any parameters.
47 |      *
48 |      * @param httpServerExchange exchange
49 |      * @throws JsonProcessingException json processing exception
50 |      */
51 |     @Override
52 |     public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
53 | 
54 |         Map<String, Object> result = new HashMap<>();
55 |         GraphQL graphQL = GraphQL.newGraphQL(schema).build();
56 |         ExecutionInput executionInput = ExecutionInput.newExecutionInput()
57 |                 .query(IntrospectionQuery.INTROSPECTION_QUERY).build();
58 |         ExecutionResult executionResult = graphQL.execute(executionInput);
59 |         result.put(GraphqlConstants.GraphqlRouterConstants.GRAPHQL_RESPONSE_DATA_KEY, executionResult.getData());
60 |         httpServerExchange.setStatusCode(StatusCodes.OK);
61 |         httpServerExchange.getResponseSender().send(Config.getInstance().getMapper().writeValueAsString(result));
62 |     }
63 | }
64 | 


--------------------------------------------------------------------------------
/graphql-router/src/main/java/com/networknt/graphql/router/handlers/GraphqlPathHandler.java:
--------------------------------------------------------------------------------
 1 | package com.networknt.graphql.router.handlers;
 2 | 
 3 | import io.undertow.server.HttpHandler;
 4 | import io.undertow.server.HttpServerExchange;
 5 | import io.undertow.util.Methods;
 6 | 
 7 | /**
 8 |  * Map requests that come into the /graphql path to the appropriate handler by the used request method.
 9 |  *
10 |  * @author Nicholas Azar
11 |  */
12 | public class GraphqlPathHandler implements HttpHandler {
13 | 
14 |     // create handler instances here so that one one instance is created.
15 |     GraphqlGetHandler graphqlGetHandler = new GraphqlGetHandler();
16 |     GraphqlPostHandler graphqlPostHandler = new GraphqlPostHandler();
17 |     GraphqlOptionsHandler graphqlOptionsHandler = new GraphqlOptionsHandler();
18 | 
19 |     /**
20 |      * Map requests that come to the graphql endpoint within graphql.yml to either GET or POST.
21 |      */
22 |     @Override
23 |     public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
24 |         if (Methods.GET.equals(httpServerExchange.getRequestMethod())) {
25 |             // Get will return the rendered graphiql content.
26 |             graphqlGetHandler.handleRequest(httpServerExchange);
27 |         } else if (Methods.POST.equals(httpServerExchange.getRequestMethod())) {
28 |             // Post will return results from graphql queries.
29 |             graphqlPostHandler.handleRequest(httpServerExchange);
30 |         } else if (Methods.OPTIONS.equals(httpServerExchange.getRequestMethod())) {
31 |             // Option will return introspection queries.
32 |             graphqlOptionsHandler.handleRequest(httpServerExchange);
33 |         } else {
34 |             throw new Exception(String.format("Unsupported request method %s", httpServerExchange.getRequestMethod().toString()));
35 |         }
36 |     }
37 | }
38 | 


--------------------------------------------------------------------------------
/graphql-router/src/main/java/com/networknt/graphql/router/handlers/GraphqlPostHandler.java:
--------------------------------------------------------------------------------
  1 | package com.networknt.graphql.router.handlers;
  2 | 
  3 | import com.networknt.config.Config;
  4 | import com.networknt.graphql.common.GraphqlUtil;
  5 | import com.networknt.graphql.router.ExecutionStrategyProvider;
  6 | import com.networknt.graphql.common.InstrumentationLoader;
  7 | import com.networknt.graphql.router.GraphqlCustomHandler;
  8 | import com.networknt.graphql.router.SchemaProvider;
  9 | import com.networknt.service.SingletonServiceFactory;
 10 | import com.networknt.status.Status;
 11 | import graphql.ExecutionInput;
 12 | import graphql.ExecutionResult;
 13 | import graphql.GraphQL;
 14 | import graphql.execution.ExecutionStrategy;
 15 | import graphql.schema.GraphQLSchema;
 16 | import io.undertow.server.HttpHandler;
 17 | import io.undertow.server.HttpServerExchange;
 18 | import io.undertow.util.Headers;
 19 | import io.undertow.util.StatusCodes;
 20 | import org.slf4j.Logger;
 21 | import org.slf4j.LoggerFactory;
 22 | 
 23 | import java.util.HashMap;
 24 | import java.util.Map;
 25 | 
 26 | import static com.networknt.graphql.common.GraphqlConstants.GraphqlRouterConstants.GRAPHQL_REQUEST_OP_NAME_KEY;
 27 | import static com.networknt.graphql.common.GraphqlConstants.GraphqlRouterConstants.GRAPHQL_REQUEST_QUERY_KEY;
 28 | import static com.networknt.graphql.common.GraphqlConstants.GraphqlRouterConstants.GRAPHQL_REQUEST_VARIABLES_KEY;
 29 | import static com.networknt.graphql.common.GraphqlConstants.GraphqlRouterConstants.GRAPHQL_RESPONSE_DATA_KEY;
 30 | import static com.networknt.graphql.common.GraphqlConstants.GraphqlRouterConstants.GRAPHQL_RESPONSE_ERROR_KEY;
 31 | 
 32 | /**
 33 |  * GraphQL post request handler
 34 |  *
 35 |  * @author Steve Hu
 36 |  */
 37 | public class GraphqlPostHandler implements HttpHandler {
 38 |     private static final String STATUS_GRAPHQL_MISSING_QUERY = "ERR11502";
 39 | 
 40 |     private static final Logger logger = LoggerFactory.getLogger(GraphqlPostHandler.class);
 41 |     static GraphQLSchema schema = null;
 42 |     static ExecutionStrategy queryExecutionStrategy = null;
 43 |     static ExecutionStrategy mutationExecutionStrategy = null;
 44 |     static ExecutionStrategy subscriptionExecutionStrategy = null;
 45 |     static GraphqlCustomHandler customHandler = null;
 46 | 
 47 |     static {
 48 |         // load GraphQL Schema with service loader. It should be defined in service.yml
 49 |         SchemaProvider schemaProvider = SingletonServiceFactory.getBean(SchemaProvider.class);
 50 |         if(schemaProvider != null) {
 51 |             schema = schemaProvider.getSchema();
 52 |         }
 53 |         if (schema == null) {
 54 |             logger.error("Unable to load GraphQL schema - no SchemaProvider implementation in service.yml");
 55 |             throw new RuntimeException("Unable to load GraphQL schema - no SchemaProvider implementation in service.yml");
 56 |         }
 57 |         GraphqlCustomHandler handler = SingletonServiceFactory.getBean(GraphqlCustomHandler.class);
 58 |         if(handler != null ){
 59 |             customHandler = handler;
 60 |         }
 61 | 
 62 |         // Replace default execution strategies if so configured.
 63 |         ExecutionStrategyProvider executionStrategyProvider = SingletonServiceFactory.getBean(ExecutionStrategyProvider.class);
 64 |         if(executionStrategyProvider != null) {
 65 |             queryExecutionStrategy = executionStrategyProvider.getQueryExecutionStrategy();
 66 |             mutationExecutionStrategy = executionStrategyProvider.getMutationExecutionStrategy();
 67 |             subscriptionExecutionStrategy = executionStrategyProvider.getSubscriptionExecutionStrategy();
 68 |         }
 69 |     }
 70 | 
 71 |     @Override
 72 |     public void handleRequest(HttpServerExchange exchange) throws Exception {
 73 |         // get the request parameters as a Map<String, Object>
 74 |         @SuppressWarnings("unchecked")
 75 |         Map<String, Object> requestParameters = (Map<String, Object>)exchange.getAttachment(GraphqlUtil.GRAPHQL_PARAMS);
 76 |         if(logger.isDebugEnabled()) logger.debug("requestParameters: " + requestParameters);
 77 | 
 78 |         GraphQL graphQL = this.getGraphql();
 79 |         String query = (String)requestParameters.get(GRAPHQL_REQUEST_QUERY_KEY);
 80 |         if(query == null) {
 81 |             Status status = new Status(STATUS_GRAPHQL_MISSING_QUERY);
 82 |             exchange.setStatusCode(status.getStatusCode());
 83 |             exchange.getResponseHeaders().put(Headers.CONTENT_TYPE, "application/json");
 84 |             exchange.getResponseSender().send(status.toString());
 85 |             logger.error(status.toString());
 86 |             return;
 87 |         }
 88 |         @SuppressWarnings("unchecked")
 89 |         Map<String, Object> variables = (Map<String, Object>)requestParameters.get(GRAPHQL_REQUEST_VARIABLES_KEY);
 90 |         if(variables == null) {
 91 |             variables = new HashMap<>();
 92 |         }
 93 |         String operationName = (String)requestParameters.get(GRAPHQL_REQUEST_OP_NAME_KEY);
 94 |         ExecutionInput executionInput = ExecutionInput.newExecutionInput().query(query).operationName(operationName).context(exchange).root(exchange).variables(variables).build();
 95 |         ExecutionResult executionResult = graphQL.execute(executionInput);
 96 |         if (customHandler != null) {
 97 |             customHandler.handleResponse(exchange, executionResult);
 98 |         } else {
 99 |             Map<String, Object> result = new HashMap<>();
100 |             if (executionResult.getErrors().size() > 0) {
101 |                 result.put(GRAPHQL_RESPONSE_ERROR_KEY, executionResult.getErrors());
102 |                 logger.error("Errors: {}", executionResult.getErrors());
103 |             } else {
104 |                 result.put(GRAPHQL_RESPONSE_DATA_KEY, executionResult.getData());
105 |             }
106 |             exchange.getResponseHeaders().put(Headers.CONTENT_TYPE, "application/json");
107 |             exchange.setStatusCode(StatusCodes.OK);
108 |             exchange.getResponseSender().send(Config.getInstance().getMapper().writeValueAsString(result));
109 |         }
110 |     }
111 | 
112 |     private GraphQL getGraphql() {
113 |         GraphQL.Builder graphql = GraphQL.newGraphQL(schema);
114 |         if (InstrumentationLoader.graphqlInstrumentation != null) {
115 |             graphql = graphql.instrumentation(InstrumentationLoader.graphqlInstrumentation);
116 |         }
117 |         if(queryExecutionStrategy != null) {
118 |             graphql.queryExecutionStrategy(queryExecutionStrategy);
119 |         }
120 |         if(mutationExecutionStrategy != null) {
121 |             graphql.mutationExecutionStrategy(mutationExecutionStrategy);
122 |         }
123 |         if(subscriptionExecutionStrategy != null) {
124 |             graphql.subscriptionExecutionStrategy(subscriptionExecutionStrategy);
125 |         }
126 |         return graphql.build();
127 |     }
128 | }
129 | 


--------------------------------------------------------------------------------
/graphql-router/src/main/java/com/networknt/graphql/router/handlers/GraphqlSubscriptionHandler.java:
--------------------------------------------------------------------------------
  1 | package com.networknt.graphql.router.handlers;
  2 | 
  3 | import com.fasterxml.jackson.core.JsonProcessingException;
  4 | import com.networknt.config.Config;
  5 | import com.networknt.graphql.common.GraphqlConstants;
  6 | import com.networknt.graphql.common.InstrumentationLoader;
  7 | import com.networknt.graphql.router.models.QueryParameters;
  8 | import graphql.ExecutionInput;
  9 | import graphql.ExecutionResult;
 10 | import graphql.GraphQL;
 11 | import graphql.execution.instrumentation.ChainedInstrumentation;
 12 | import graphql.execution.instrumentation.Instrumentation;
 13 | import graphql.execution.instrumentation.tracing.TracingInstrumentation;
 14 | import graphql.execution.reactive.CompletionStageMappingPublisher;
 15 | import io.undertow.websockets.WebSocketConnectionCallback;
 16 | import io.undertow.websockets.core.AbstractReceiveListener;
 17 | import io.undertow.websockets.core.BufferedTextMessage;
 18 | import io.undertow.websockets.core.StreamSourceFrameChannel;
 19 | import io.undertow.websockets.core.WebSocketChannel;
 20 | import io.undertow.websockets.core.WebSockets;
 21 | import io.undertow.websockets.spi.WebSocketHttpExchange;
 22 | import org.reactivestreams.Subscriber;
 23 | import org.reactivestreams.Subscription;
 24 | import org.slf4j.Logger;
 25 | import org.slf4j.LoggerFactory;
 26 | 
 27 | import java.io.IOException;
 28 | import java.util.Collections;
 29 | import java.util.HashMap;
 30 | import java.util.Map;
 31 | import java.util.concurrent.CompletionStage;
 32 | import java.util.concurrent.atomic.AtomicReference;
 33 | 
 34 | import static com.networknt.graphql.common.GraphqlConstants.GraphqlSubscriptionConstants;
 35 | 
 36 | /**
 37 |  * Handles and manages websocket connections for use in graphql subscriptions.
 38 |  *
 39 |  * @author Nicholas Azar
 40 |  */
 41 | public class GraphqlSubscriptionHandler implements WebSocketConnectionCallback {
 42 |     private Logger logger = LoggerFactory.getLogger(GraphqlSubscriptionHandler.class);
 43 | 
 44 |     @Override
 45 |     public void onConnect(WebSocketHttpExchange webSocketHttpExchange, WebSocketChannel webSocketChannel) {
 46 |         webSocketChannel.getReceiveSetter().set(new AbstractReceiveListener() {
 47 | 
 48 |             @Override
 49 |             protected void onError(WebSocketChannel channel, Throwable error) {
 50 |                 if(logger.isDebugEnabled()) logger.debug("Websocket connection error.");
 51 |                 super.onError(channel, error);
 52 |             }
 53 | 
 54 |             @Override
 55 |             protected void onClose(WebSocketChannel webSocketChannel, StreamSourceFrameChannel channel) throws IOException {
 56 |                 if(logger.isDebugEnabled()) logger.debug("Websocket connection close.");
 57 |                 super.onClose(webSocketChannel, channel);
 58 |             }
 59 | 
 60 |             /**
 61 |              * Responsible for parsing the different types of requests and generating appropriate responses.
 62 |              *
 63 |              * @param channel
 64 |              * @param message
 65 |              * @throws IOException
 66 |              */
 67 |             @Override
 68 |             protected void onFullTextMessage(WebSocketChannel channel, BufferedTextMessage message) throws IOException {
 69 |                 String messageData = message.getData();
 70 |                 if(logger.isDebugEnabled()) logger.debug("Message = " + messageData);
 71 |                 Map inputData = Config.getInstance().getMapper().readValue(messageData, Map.class);
 72 | 
 73 |                 String requestType = (String) inputData.get(GraphqlSubscriptionConstants.GRAPHQL_REQ_TYPE_KEY);
 74 |                 // We receive an init when graphiql is initially loaded (no subscription query sent). We
 75 |                 // respond with init success.
 76 |                 if (GraphqlSubscriptionConstants.GQL_CONNECTION_INIT.equals(requestType)) {
 77 |                     sendInitSuccess(channel);
 78 |                 } else if (GraphqlSubscriptionConstants.GQL_START.equals(requestType)) {
 79 |                     String operationId = (String) inputData.get(GraphqlSubscriptionConstants.GRAPHQL_OP_ID_KEY);
 80 |                     ExecutionResult executionResult = getExecutionResult(inputData);
 81 |                     if (executionResult.getErrors() != null && executionResult.getErrors().size() > 0) {
 82 |                         // If we fail to initially get the result, send an error.
 83 |                         sendDataResponse(channel, executionResult, operationId);
 84 |                     } else {
 85 |                         // We successfully got a subscription, send a subscription success.
 86 |                         subscribeToResults(executionResult, channel, operationId);
 87 | //                        sendSubscriptionSuccess(channel, operationId);
 88 |                     }
 89 |                 } else if (GraphqlSubscriptionConstants.GQL_STOP.equals(requestType)) {
 90 |                     // TODO: Client sends this message in order to stop a running GraphQL operation execution (for example: unsubscribe)
 91 |                     logger.warn("GQL_STOP not yet implemented.");
 92 |                 } else {
 93 |                     logger.error("Request type not recognized as supported protocol: " + requestType +
 94 |                             " see https://github.com/apollographql/subscriptions-transport-ws/blob/master/PROTOCOL.md");
 95 |                 }
 96 |             }
 97 |         });
 98 |         webSocketChannel.resumeReceives();
 99 |     }
100 | 
101 |     /**
102 |      * Execute the given query and return the response.
103 |      *
104 |      * @param inputData The input parameters.
105 |      */
106 |     private ExecutionResult getExecutionResult(Map inputData) {
107 |         QueryParameters parameters = QueryParameters.from(inputData);
108 |         ExecutionInput executionInput = ExecutionInput.newExecutionInput()
109 |                 .query(parameters.getQuery())
110 |                 .variables(parameters.getVariables())
111 |                 .build();
112 |         return GraphQL.newGraphQL(GraphqlPostHandler.schema)
113 |                 .instrumentation(getInstrumentation())
114 |                 .build()
115 |                 .execute(executionInput);
116 |     }
117 | 
118 |     /**
119 |      * Helper method to send data to the client.
120 |      */
121 |     private void sendDataResponse(WebSocketChannel channel, ExecutionResult executionResult, String operationId) {
122 |         Map<String, Object> nextPayload = new HashMap<>();
123 |         if (executionResult.getData() != null) {
124 |             nextPayload.put(GraphqlConstants.GraphqlRouterConstants.GRAPHQL_RESPONSE_DATA_KEY, executionResult.getData());
125 |         }
126 |         if (executionResult.getErrors() != null && executionResult.getErrors().size() > 0) {
127 |             nextPayload.put(GraphqlConstants.GraphqlRouterConstants.GRAPHQL_RESPONSE_ERROR_KEY, executionResult.getErrors());
128 |         }
129 | 
130 |         Map<String, Object> result = new HashMap<>();
131 |         result.put(GraphqlSubscriptionConstants.GRAPHQL_OP_ID_KEY, operationId);
132 |         result.put(GraphqlSubscriptionConstants.GRAPHQL_REQ_TYPE_KEY, GraphqlSubscriptionConstants.GQL_DATA);
133 |         result.put(GraphqlConstants.GraphqlRouterConstants.GRAPHQL_RESPONSE_PAYLOAD_KEY, nextPayload);
134 |         try {
135 |             WebSockets.sendText(Config.getInstance().getMapper().writeValueAsString(result), channel, null);
136 |         } catch (JsonProcessingException e) {
137 |             logger.error("Error while processing data response", e);
138 |         }
139 |     }
140 | 
141 |     /**
142 |      * Generic subscription manager to propagate data from the action.
143 |      */
144 |     private void subscribeToResults(ExecutionResult executionResult, WebSocketChannel channel, String operationId) {
145 |         CompletionStageMappingPublisher<ExecutionResult, CompletionStage> mappingPublisher = executionResult.getData();
146 | 
147 |         mappingPublisher.subscribe(new Subscriber<ExecutionResult>() {
148 |             private final AtomicReference<Subscription> subscriptionRef = new AtomicReference<>();
149 | 
150 |             @Override
151 |             public void onSubscribe(Subscription subscription) {
152 |                 subscriptionRef.set(subscription);
153 |                 subscription.request(1);
154 |             }
155 | 
156 |             @Override
157 |             public void onNext(ExecutionResult nextExecutionResult) {
158 |                 sendDataResponse(channel, nextExecutionResult, operationId);
159 |                 subscriptionRef.get().request(1);
160 |             }
161 | 
162 |             @Override
163 |             public void onError(Throwable throwable) {
164 |                 logger.info("Subscription onError", throwable);
165 |                 subscriptionRef.get().cancel();
166 |             }
167 | 
168 |             @Override
169 |             public void onComplete() {
170 |                 logger.info("Subscription onComplete");
171 |                 subscriptionRef.get().cancel();
172 |             }
173 |         });
174 |     }
175 | 
176 |     /**
177 |      * Helper method to respond with init_success
178 |      */
179 |     private void sendInitSuccess(WebSocketChannel channel) throws JsonProcessingException {
180 |         Map<String, Object> outputData = new HashMap<>();
181 |         outputData.put(GraphqlSubscriptionConstants.GRAPHQL_REQ_TYPE_KEY, GraphqlSubscriptionConstants.GQL_CONNECTION_ACK);
182 |         WebSockets.sendText(Config.getInstance().getMapper().writeValueAsString(outputData), channel, null);
183 |     }
184 | 
185 |     /**
186 |      * Check to see if the client has provided instrumentation and use that if they have.
187 |      * Otherwise fall back to TracingInstrumentation.
188 |      */
189 |     private Instrumentation getInstrumentation() {
190 |         if (InstrumentationLoader.graphqlSubscriptionInstrumentation == null) {
191 |             return new ChainedInstrumentation(Collections.singletonList(new TracingInstrumentation()));
192 |         }
193 |         return InstrumentationLoader.graphqlSubscriptionInstrumentation;
194 |     }
195 | }
196 | 


--------------------------------------------------------------------------------
/graphql-router/src/main/java/com/networknt/graphql/router/handlers/GraphqlSubscriptionWrapper.java:
--------------------------------------------------------------------------------
 1 | package com.networknt.graphql.router.handlers;
 2 | 
 3 | import com.networknt.graphql.common.GraphqlConstants;
 4 | import com.networknt.handler.LightHttpHandler;
 5 | import io.undertow.server.HttpHandler;
 6 | import io.undertow.server.HttpServerExchange;
 7 | import io.undertow.websockets.WebSocketConnectionCallback;
 8 | import io.undertow.websockets.WebSocketProtocolHandshakeHandler;
 9 | import io.undertow.websockets.core.protocol.Handshake;
10 | import io.undertow.websockets.core.protocol.version07.Hybi07Handshake;
11 | import io.undertow.websockets.core.protocol.version08.Hybi08Handshake;
12 | import io.undertow.websockets.core.protocol.version13.Hybi13Handshake;
13 | import io.undertow.websockets.extensions.ExtensionHandshake;
14 | import io.undertow.websockets.extensions.PerMessageDeflateHandshake;
15 | 
16 | import java.util.HashSet;
17 | import java.util.Set;
18 | 
19 | public class GraphqlSubscriptionWrapper implements LightHttpHandler {
20 |     HttpHandler handler;
21 | 
22 |     public GraphqlSubscriptionWrapper() {
23 |         ExtensionHandshake extensionHandshake = new PerMessageDeflateHandshake();
24 | 
25 |         WebSocketConnectionCallback webSocketConnectionCallback = new GraphqlSubscriptionHandler();
26 |         handler = new WebSocketProtocolHandshakeHandler(buildHandshakeset(),
27 |                 webSocketConnectionCallback).addExtension(extensionHandshake);
28 |     }
29 | 
30 |     @Override
31 |     public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
32 |         handler.handleRequest(httpServerExchange);
33 |     }
34 | 
35 |     /**
36 |      * For meeting specification of the general websocket protocol, we are required to supply the supported subprotocols
37 |      * when requested.
38 |      * @return
39 |      */
40 |     private Set<Handshake> buildHandshakeset() {
41 |         Set<Handshake> handshakeSet = new HashSet<>();
42 |         Set<String> subprotocols = new HashSet<>();
43 |         subprotocols.add(GraphqlConstants.GraphqlRouterConstants.GRAPHQL_WS_SUBPROTOCOL);
44 |         handshakeSet.add(new Hybi13Handshake(subprotocols, true));
45 |         handshakeSet.add(new Hybi07Handshake(subprotocols, true));
46 |         handshakeSet.add(new Hybi08Handshake(subprotocols, true));
47 |         return handshakeSet;
48 |     }
49 | 
50 | }
51 | 


--------------------------------------------------------------------------------
/graphql-router/src/main/java/com/networknt/graphql/router/models/QueryParameters.java:
--------------------------------------------------------------------------------
 1 | package com.networknt.graphql.router.models;
 2 | 
 3 | import java.util.Collections;
 4 | import java.util.Map;
 5 | 
 6 | import static com.networknt.graphql.common.GraphqlConstants.GraphqlRouterConstants.GRAPHQL_REQUEST_QUERY_KEY;
 7 | import static com.networknt.graphql.common.GraphqlConstants.GraphqlRouterConstants.GRAPHQL_REQUEST_VARIABLES_KEY;
 8 | import static com.networknt.graphql.common.GraphqlConstants.GraphqlRouterConstants.GRAPHQL_RESPONSE_PAYLOAD_KEY;
 9 | 
10 | /**
11 |  * Graphql clients can send GET or POST HTTP requests.  The spec does not make an explicit
12 |  * distinction.  So you may need to handle both.  The following was tested using
13 |  * a graphiql client tool found here : https://github.com/skevy/graphiql-app
14 |  *
15 |  * You should consider bundling graphiql in your application
16 |  *
17 |  * https://github.com/graphql/graphiql
18 |  *
19 |  * This outlines more information on how to handle parameters over http
20 |  *
21 |  * http://graphql.org/learn/serving-over-http/
22 |  */
23 | public class QueryParameters {
24 | 
25 |     private String query;
26 |     private Map<String, Object> variables = Collections.emptyMap();
27 | 
28 |     public String getQuery() {
29 |         return query;
30 |     }
31 | 
32 |     public Map<String, Object> getVariables() {
33 |         return variables;
34 |     }
35 | 
36 |     public static QueryParameters from(Map inputData) {
37 |         QueryParameters parameters = new QueryParameters();
38 |         Map<String, Object> payload = (Map)inputData.get(GRAPHQL_RESPONSE_PAYLOAD_KEY);
39 |         parameters.query = (String)payload.get(GRAPHQL_REQUEST_QUERY_KEY);
40 |         parameters.variables = (Map)payload.get(GRAPHQL_REQUEST_VARIABLES_KEY);
41 |         return parameters;
42 |     }
43 | }
44 | 


--------------------------------------------------------------------------------
/graphql-router/src/main/resources/config/graphiql.html:
--------------------------------------------------------------------------------
  1 | <!--
  2 |  *  Copyright (c) Facebook, Inc.
  3 |  *  All rights reserved.
  4 |  *
  5 |  *  This source code is licensed under the license found in the
  6 |  *  LICENSE file in the root directory of this source tree.
  7 | -->
  8 | <!DOCTYPE html>
  9 | <html>
 10 | <head>
 11 |     <style>
 12 |         body {
 13 |             height: 100%;
 14 |             margin: 0;
 15 |             width: 100%;
 16 |             overflow: hidden;
 17 |         }
 18 |         #graphiql {
 19 |             height: 100vh;
 20 |         }
 21 |     </style>
 22 | 
 23 |     <!--
 24 |       This GraphiQL example depends on Promise and fetch, which are available in
 25 |       modern browsers, but can be "polyfilled" for older browsers.
 26 |       GraphiQL itself depends on React DOM.
 27 |       If you do not want to rely on a CDN, you can host these files locally or
 28 |       include them directly in your favored resource bunder.
 29 |     -->
 30 |     <script src="//cdn.jsdelivr.net/es6-promise/4.0.5/es6-promise.auto.min.js"></script>
 31 |     <script src="//cdn.jsdelivr.net/fetch/0.9.0/fetch.min.js"></script>
 32 |     <script src="//cdn.jsdelivr.net/react/15.4.2/react.min.js"></script>
 33 |     <script src="//cdn.jsdelivr.net/react/15.4.2/react-dom.min.js"></script>
 34 | 
 35 |     <!-- Subscription Support -->
 36 |     <script src="//unpkg.com/subscriptions-transport-ws@0.9.5/browser/client.js"></script>
 37 |     <script>${GRAPHIQL_SUBSCRIPTION_FETCHER}</script>
 38 | 
 39 |     <!--
 40 |       These two files can be found in the npm module, however you may wish to
 41 |       copy them directly into your environment, or perhaps include them in your
 42 |       favored resource bundler.
 43 |      -->
 44 |     <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/graphiql/0.11.11/graphiql.min.css" />
 45 |     <script src="https://cdnjs.cloudflare.com/ajax/libs/graphiql/0.11.11/graphiql.js"></script>
 46 | 
 47 | </head>
 48 | <body>
 49 | <div id="graphiql">Loading...</div>
 50 | <script>
 51 |     /**
 52 |      * This GraphiQL example illustrates how to use some of GraphiQL's props
 53 |      * in order to enable reading and updating the URL parameters, making
 54 |      * link sharing of queries a little bit easier.
 55 |      *
 56 |      * This is only one example of this kind of feature, GraphiQL exposes
 57 |      * various React params to enable interesting integrations.
 58 |      */
 59 |         // Parse the search string to get url parameters.
 60 |     var search = window.location.search;
 61 |     var parameters = {};
 62 |     search.substr(1).split('&').forEach(function (entry) {
 63 |         var eq = entry.indexOf('=');
 64 |         if (eq >= 0) {
 65 |             parameters[decodeURIComponent(entry.slice(0, eq))] =
 66 |                 decodeURIComponent(entry.slice(eq + 1));
 67 |         }
 68 |     });
 69 |     // if variables was provided, try to format it.
 70 |     if (parameters.variables) {
 71 |         try {
 72 |             parameters.variables =
 73 |                 JSON.stringify(JSON.parse(parameters.variables), null, 2);
 74 |         } catch (e) {
 75 |             // Do nothing, we want to display the invalid JSON as a string, rather
 76 |             // than present an error.
 77 |         }
 78 |     }
 79 |     // When the query and variables string is edited, update the URL bar so
 80 |     // that it can be easily shared
 81 |     function onEditQuery(newQuery) {
 82 |         parameters.query = newQuery;
 83 |         updateURL();
 84 |     }
 85 |     function onEditVariables(newVariables) {
 86 |         parameters.variables = newVariables;
 87 |         updateURL();
 88 |     }
 89 |     function onEditOperationName(newOperationName) {
 90 |         parameters.operationName = newOperationName;
 91 |         updateURL();
 92 |     }
 93 |     function updateURL() {
 94 |         var newSearch = '?' + Object.keys(parameters).filter(function (key) {
 95 |             return Boolean(parameters[key]);
 96 |         }).map(function (key) {
 97 |             return encodeURIComponent(key) + '=' +
 98 |                 encodeURIComponent(parameters[key]);
 99 |         }).join('&');
100 |         history.replaceState(null, null, newSearch);
101 |     }
102 | 
103 |     // Defines a GraphQL fetcher using the fetch API.
104 |     function graphQLFetcher(graphQLParams) {
105 |         return fetch('/graphql', {
106 |             method: 'post',
107 |             headers: {
108 |                 'Accept': 'application/json',
109 |                 'Content-Type': 'application/json'
110 |             },
111 |             body: JSON.stringify(graphQLParams),
112 |             credentials: 'include'
113 |         }).then(function (response) {
114 |             return response.text();
115 |         }).then(function (responseBody) {
116 |             try {
117 |                 return JSON.parse(responseBody);
118 |             } catch (error) {
119 |                 return responseBody;
120 |             }
121 |         });
122 | 
123 |     }
124 | 
125 |     var subscriptionsEndpoint = 'ws://' + window.location.hostname + (window.location.port ? ':' + window.location.port: '') + '/subscriptions';
126 |     var subscriptionsClient = new window.SubscriptionsTransportWs.SubscriptionClient(subscriptionsEndpoint, {
127 |         reconnect: true
128 |     });
129 |     var subscriptionEnabledFetcher = window.GraphiQLSubscriptionsFetcher.graphQLFetcher(subscriptionsClient, graphQLFetcher);
130 |     // Render <GraphiQL /> into the body.
131 |     ReactDOM.render(
132 |         React.createElement(GraphiQL, {
133 |             fetcher: subscriptionEnabledFetcher,
134 |             query: parameters.query,
135 |             variables: parameters.variables,
136 |             operationName: parameters.operationName,
137 |             onEditQuery: onEditQuery,
138 |             onEditVariables: onEditVariables,
139 |             onEditOperationName: onEditOperationName
140 |         }),
141 |         document.getElementById('graphiql')
142 |     );
143 | </script>  </body>
144 | </html>
145 | 


--------------------------------------------------------------------------------
/graphql-router/src/test/java/com/networknt/graphql/router/GraphqlEndpointSourceTest.java:
--------------------------------------------------------------------------------
 1 | package com.networknt.graphql.router;
 2 | 
 3 | import com.networknt.handler.config.EndpointSource;
 4 | import org.junit.Assert;
 5 | import org.junit.Test;
 6 | 
 7 | import java.util.Arrays;
 8 | import java.util.HashSet;
 9 | import java.util.Set;
10 | import java.util.stream.Collectors;
11 | import java.util.stream.StreamSupport;
12 | 
13 | public class GraphqlEndpointSourceTest {
14 | 
15 |     @Test
16 |     public void testPetstoreEndpoints() {
17 |         GraphqlEndpointSource source = new GraphqlEndpointSource();
18 |         Iterable<EndpointSource.Endpoint> endpoints = source.listEndpoints();
19 | 
20 |         // Extract a set of string representations of endpoints
21 |         Set<String> endpointStrings = StreamSupport
22 |             .stream(endpoints.spliterator(), false)
23 |             .map(Object::toString)
24 |             .collect(Collectors.toSet());
25 | 
26 |         // Assert that we got what we wanted
27 |         Assert.assertEquals(
28 |             new HashSet<>(Arrays.asList(
29 |                 "/graphql@GET",
30 |                 "/graphql@POST",
31 |                 "/graphql@OPTIONS"
32 |             )),
33 |             endpointStrings
34 |         );
35 |     }
36 | 
37 | }
38 | 


--------------------------------------------------------------------------------
/graphql-router/src/test/resources/logback-test.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <!--
 3 |   ~ Copyright (c) 2016 Network New Technologies Inc.
 4 |   ~
 5 |   ~ Licensed under the Apache License, Version 2.0 (the "License");
 6 |   ~ You may not use this file except in compliance with the License.
 7 |   ~ You may obtain a copy of the License at
 8 |   ~
 9 |   ~      http://www.apache.org/licenses/LICENSE-2.0
10 |   ~
11 |   ~ Unless required by applicable law or agreed to in writing, software
12 |   ~ distributed under the License is distributed on an "AS IS" BASIS,
13 |   ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 |   ~ See the License for the specific language governing permissions and
15 |   ~ limitations under the License.
16 |   -->
17 | 
18 | <configuration>
19 |     TODO create logger for audit only.
20 |     http://stackoverflow.com/questions/2488558/logback-to-log-different-messages-to-two-files
21 |     <turboFilter class="ch.qos.logback.classic.turbo.MarkerFilter">
22 |         <Marker>PROFILER</Marker>
23 |         <!--<OnMatch>DENY</OnMatch>-->
24 |         <OnMatch>NEUTRAL</OnMatch>
25 |     </turboFilter>
26 | 
27 |     <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
28 |     <!-- encoders are assigned the type
29 |          ch.qos.logback.classic.encoder.PatternLayoutEncoder by default -->
30 |         <encoder>
31 |             <pattern>%d{HH:mm:ss.SSS} [%thread] %-5marker %-5level %logger{36} - %msg%n</pattern>
32 |         </encoder>
33 |     </appender>
34 | 
35 |     <appender name="log" class="ch.qos.logback.core.FileAppender">
36 |         <File>target/test.log</File>
37 |         <Append>false</Append>
38 |         <layout class="ch.qos.logback.classic.PatternLayout">
39 |             <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %class{36}:%L %M - %msg%n</Pattern>
40 |         </layout>
41 |     </appender>
42 | 
43 |     <!--audit log-->
44 |     <appender name="audit" class="ch.qos.logback.core.rolling.RollingFileAppender">
45 |         <file>target/audit.log</file> <!-- logfile location -->
46 |         <encoder>
47 |             <pattern>%-5level [%thread] %date{ISO8601} %F:%L - %msg%n</pattern> <!-- the layout pattern used to format log entries -->
48 |             <immediateFlush>true</immediateFlush>
49 |         </encoder>
50 |         <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
51 |             <fileNamePattern>target/audit.log.%i.zip</fileNamePattern>
52 |             <minIndex>1</minIndex>
53 |             <maxIndex>5</maxIndex> <!-- max number of archived logs that are kept -->
54 |         </rollingPolicy>
55 |         <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
56 |             <maxFileSize>200MB</maxFileSize> <!-- The size of the logfile that triggers a switch to a new logfile, and the current one archived -->
57 |         </triggeringPolicy>
58 |     </appender>
59 | 
60 |     <root level="trace">
61 |         <appender-ref ref="stdout" />
62 |     </root>
63 | 
64 |     <logger name="com.networknt" level="trace">
65 |         <appender-ref ref="log"/>
66 |     </logger>
67 | 
68 |     <logger name="Audit" level="trace" additivity="false">
69 |         <appender-ref ref="audit"/>
70 |     </logger>
71 | 
72 | </configuration>
73 | 


--------------------------------------------------------------------------------
/graphql-security/pom.xml:
--------------------------------------------------------------------------------
  1 | <!--
  2 |   ~ Copyright (c) 2016 Network New Technologies Inc.
  3 |   ~
  4 |   ~ Licensed under the Apache License, Version 2.0 (the "License");
  5 |   ~ You may not use this file except in compliance with the License.
  6 |   ~ You may obtain a copy of the License at
  7 |   ~
  8 |   ~      http://www.apache.org/licenses/LICENSE-2.0
  9 |   ~
 10 |   ~ Unless required by applicable law or agreed to in writing, software
 11 |   ~ distributed under the License is distributed on an "AS IS" BASIS,
 12 |   ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13 |   ~ See the License for the specific language governing permissions and
 14 |   ~ limitations under the License.
 15 |   -->
 16 | 
 17 | <project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
 18 |          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 19 |     <modelVersion>4.0.0</modelVersion>
 20 | 
 21 |     <parent>
 22 |         <groupId>com.networknt</groupId>
 23 |         <artifactId>light-graphql-4j</artifactId>
 24 |         <version>2.2.3-SNAPSHOT</version>
 25 |         <relativePath>../pom.xml</relativePath>
 26 |     </parent>
 27 | 
 28 |     <artifactId>graphql-security</artifactId>
 29 |     <packaging>jar</packaging>
 30 |     <name>graphql-security</name>
 31 |     <description>A security module that contains all handlers to protect your graphql endpoint</description>
 32 | 
 33 |     <dependencies>
 34 |         <dependency>
 35 |             <groupId>com.networknt</groupId>
 36 |             <artifactId>config</artifactId>
 37 |         </dependency>
 38 |         <dependency>
 39 |             <groupId>com.networknt</groupId>
 40 |             <artifactId>http-string</artifactId>
 41 |         </dependency>
 42 |         <dependency>
 43 |             <groupId>com.networknt</groupId>
 44 |             <artifactId>security</artifactId>
 45 |         </dependency>
 46 |         <dependency>
 47 |             <groupId>com.networknt</groupId>
 48 |             <artifactId>handler</artifactId>
 49 |         </dependency>
 50 |         <dependency>
 51 |             <groupId>com.networknt</groupId>
 52 |             <artifactId>status</artifactId>
 53 |         </dependency>
 54 |         <dependency>
 55 |             <groupId>com.networknt</groupId>
 56 |             <artifactId>audit</artifactId>
 57 |         </dependency>
 58 |         <dependency>
 59 |             <groupId>com.networknt</groupId>
 60 |             <artifactId>graphql-common</artifactId>
 61 |         </dependency>
 62 |         <dependency>
 63 |             <groupId>io.undertow</groupId>
 64 |             <artifactId>undertow-core</artifactId>
 65 |         </dependency>
 66 |         <dependency>
 67 |             <groupId>com.fasterxml.jackson.core</groupId>
 68 |             <artifactId>jackson-databind</artifactId>
 69 |         </dependency>
 70 |         <dependency>
 71 |             <groupId>org.slf4j</groupId>
 72 |             <artifactId>slf4j-api</artifactId>
 73 |         </dependency>
 74 |         <dependency>
 75 |             <groupId>org.bitbucket.b_c</groupId>
 76 |             <artifactId>jose4j</artifactId>
 77 |             <version>${version.jose4j}</version>
 78 |         </dependency>
 79 | 
 80 |         <dependency>
 81 |             <groupId>com.networknt</groupId>
 82 |             <artifactId>client</artifactId>
 83 |             <scope>test</scope>
 84 |         </dependency>
 85 |         <dependency>
 86 |             <groupId>ch.qos.logback</groupId>
 87 |             <artifactId>logback-classic</artifactId>
 88 |             <scope>test</scope>
 89 |         </dependency>
 90 |         <dependency>
 91 |             <groupId>junit</groupId>
 92 |             <artifactId>junit</artifactId>
 93 |             <scope>test</scope>
 94 |         </dependency>
 95 |         <dependency>
 96 |             <groupId>org.apache.commons</groupId>
 97 |             <artifactId>commons-text</artifactId>
 98 |             <scope>test</scope>
 99 |         </dependency>
100 |     </dependencies>
101 | 
102 | </project>
103 | 


--------------------------------------------------------------------------------
/graphql-security/src/main/java/com/networknt/graphql/security/JwtVerifyHandler.java:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Copyright (c) 2016 Network New Technologies Inc.
  3 |  *
  4 |  * Licensed under the Apache License, Version 2.0 (the "License");
  5 |  * You may not use this file except in compliance with the License.
  6 |  * You may obtain a copy of the License at
  7 |  *
  8 |  *      http://www.apache.org/licenses/LICENSE-2.0
  9 |  *
 10 |  * Unless required by applicable law or agreed to in writing, software
 11 |  * distributed under the License is distributed on an "AS IS" BASIS,
 12 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13 |  * See the License for the specific language governing permissions and
 14 |  * limitations under the License.
 15 |  */
 16 | 
 17 | package com.networknt.graphql.security;
 18 | 
 19 | import com.networknt.config.Config;
 20 | import com.networknt.graphql.common.GraphqlUtil;
 21 | import com.networknt.handler.Handler;
 22 | import com.networknt.handler.MiddlewareHandler;
 23 | import com.networknt.httpstring.AttachmentConstants;
 24 | import com.networknt.httpstring.HttpStringConstants;
 25 | import com.networknt.security.IJwtVerifyHandler;
 26 | import com.networknt.exception.ExpiredTokenException;
 27 | import com.networknt.security.JwtVerifier;
 28 | import com.networknt.security.SecurityConfig;
 29 | import com.networknt.utility.Constants;
 30 | import com.networknt.utility.ModuleRegistry;
 31 | import io.undertow.Handlers;
 32 | import io.undertow.server.HttpHandler;
 33 | import io.undertow.server.HttpServerExchange;
 34 | import io.undertow.util.HeaderMap;
 35 | import io.undertow.util.Headers;
 36 | import org.jose4j.jwt.JwtClaims;
 37 | import org.jose4j.jwt.MalformedClaimException;
 38 | import org.jose4j.jwt.consumer.InvalidJwtException;
 39 | import org.slf4j.Logger;
 40 | import org.slf4j.LoggerFactory;
 41 | 
 42 | import java.util.Arrays;
 43 | import java.util.HashMap;
 44 | import java.util.List;
 45 | import java.util.Map;
 46 | 
 47 | /**
 48 |  * This is the JWT token verifier for GraphQL. Given there is no OpenAPI spec available for
 49 |  * scopes, we have to verify the scope just based on query and mutation which is read and write.
 50 |  *
 51 |  * Regard to the authorization, GraphQL spec doesn't have anything built-in, and it is
 52 |  * recommended to handle at the business logic layer. As we are trying to address the cross-cutting
 53 |  * concerns at middleware level within the framework, we don't want to inject anything extra into
 54 |  * the schema for authorization.
 55 |  *
 56 |  * @author Steve Hu
 57 |  *
 58 |  */
 59 | public class JwtVerifyHandler implements MiddlewareHandler, IJwtVerifyHandler {
 60 |     private static final Logger logger = LoggerFactory.getLogger(JwtVerifyHandler.class);
 61 | 
 62 |     private static final String GRAPHQL_SECURITY_CONFIG = "graphql-security";
 63 |     private static final String STATUS_INVALID_AUTH_TOKEN = "ERR10000";
 64 |     private static final String STATUS_AUTH_TOKEN_EXPIRED = "ERR10001";
 65 |     private static final String STATUS_MISSING_AUTH_TOKEN = "ERR10002";
 66 |     private static final String STATUS_INVALID_SCOPE_TOKEN = "ERR10003";
 67 |     private static final String STATUS_SCOPE_TOKEN_EXPIRED = "ERR10004";
 68 |     private static final String STATUS_AUTH_TOKEN_SCOPE_MISMATCH = "ERR10005";
 69 |     private static final String STATUS_SCOPE_TOKEN_SCOPE_MISMATCH = "ERR10006";
 70 | 
 71 |     static SecurityConfig config;
 72 |     static JwtVerifier jwtVerifier;
 73 | 
 74 |     private volatile HttpHandler next;
 75 | 
 76 |     public JwtVerifyHandler() {
 77 |         config = SecurityConfig.load(GRAPHQL_SECURITY_CONFIG);
 78 |         jwtVerifier = new JwtVerifier(config);
 79 |         if(logger.isDebugEnabled()) logger.debug("JwtVerifyHandler is constructed");
 80 |     }
 81 | 
 82 |     @Override
 83 |     public void handleRequest(final HttpServerExchange exchange) throws Exception {
 84 |         String reqPath = exchange.getRequestPath();
 85 |         if(logger.isTraceEnabled()) logger.debug("handleRequest with request path {}", reqPath);
 86 |         // if request path is in the skipPathPrefixes in the config, call the next handler directly to skip the security check.
 87 |         if (config.getSkipPathPrefixes() != null && config.getSkipPathPrefixes().stream().anyMatch(reqPath::startsWith)) {
 88 |             if(logger.isTraceEnabled())
 89 |                 logger.trace("Skip request path base on skipPathPrefixes for " + reqPath);
 90 |             Handler.next(exchange, next);
 91 |             if (logger.isDebugEnabled())
 92 |                 logger.debug("JwtVerifyHandler.handleRequest ends.");
 93 |             return;
 94 |         }
 95 | 
 96 |         HeaderMap headerMap = exchange.getRequestHeaders();
 97 |         String authorization = headerMap.getFirst(Headers.AUTHORIZATION);
 98 |         String jwt = jwtVerifier.getTokenFromAuthorization(authorization);
 99 |         if(jwt != null) {
100 |             try {
101 |                 JwtClaims claims = jwtVerifier.verifyJwt(jwt, false, true, null, reqPath, null);
102 |                 Map<String, Object> auditInfo = new HashMap<>();
103 |                 auditInfo.put(Constants.ENDPOINT_STRING, GraphqlUtil.config.getPath());
104 |                 String clientId = claims.getStringClaimValue(Constants.CLIENT_ID_STRING);
105 |                 // try to get the cid as some OAuth tokens name it as cid like Okta.
106 |                 if(clientId == null) clientId = claims.getStringClaimValue(Constants.CID);
107 |                 auditInfo.put(Constants.CLIENT_ID_STRING, clientId);
108 |                 String userId = claims.getStringClaimValue(Constants.USER_ID_STRING);
109 |                 // try to get the uid as some OAuth tokens name it as uid like Okta.
110 |                 if(userId == null) userId = claims.getStringClaimValue(Constants.UID);
111 |                 auditInfo.put(Constants.USER_ID_STRING, userId);
112 |                 auditInfo.put(Constants.SUBJECT_CLAIMS, claims);
113 |                 String callerId = headerMap.getFirst(HttpStringConstants.CALLER_ID);
114 |                 if(callerId != null) auditInfo.put(Constants.CALLER_ID_STRING, callerId);
115 |                 exchange.putAttachment(AttachmentConstants.AUDIT_INFO, auditInfo);
116 |                 if(config != null && config.isEnableVerifyScope()) {
117 |                     // need a way to figure out this is query or mutation, is it possible to have multiple queries
118 |                     // and mutations? If yes, then each one will have a scope with operation_name.r or operation_name.w
119 | 
120 | 
121 |                     // is there a scope token
122 |                     String scopeHeader = headerMap.getFirst(HttpStringConstants.SCOPE_TOKEN);
123 |                     String scopeJwt = jwtVerifier.getTokenFromAuthorization(scopeHeader);
124 |                     List<String> secondaryScopes = null;
125 |                     if(scopeJwt != null) {
126 |                         try {
127 |                             JwtClaims scopeClaims = jwtVerifier.verifyJwt(scopeJwt, false,  true, null, reqPath, null);
128 |                             Object scopeClaim = scopeClaims.getClaimValue(Constants.SCOPE_STRING);
129 |                             if(scopeClaim instanceof String) {
130 |                                 secondaryScopes = Arrays.asList(scopeClaims.getStringClaimValue(Constants.SCOPE_STRING).split(" "));
131 |                             } else if(scopeClaim instanceof List) {
132 |                                 secondaryScopes = scopeClaims.getStringListClaimValue(Constants.SCOPE_STRING);
133 |                             }
134 |                             if(secondaryScopes == null || secondaryScopes.isEmpty()) {
135 |                                 // some IDPs like Okta and Microsoft call scope claim "scp" instead of "scope"
136 |                                 Object scpClaim = scopeClaims.getClaimValue(Constants.SCP_STRING);
137 |                                 if(scpClaim instanceof String) {
138 |                                     secondaryScopes = Arrays.asList(scopeClaims.getStringClaimValue(Constants.SCP_STRING).split(" "));
139 |                                 } else if(scpClaim instanceof List) {
140 |                                     secondaryScopes = scopeClaims.getStringListClaimValue(Constants.SCP_STRING);
141 |                                 }
142 |                             }
143 |                             auditInfo.put(Constants.SCOPE_CLIENT_ID_STRING, scopeClaims.getStringClaimValue(Constants.CLIENT_ID_STRING));
144 |                             auditInfo.put(Constants.ACCESS_CLAIMS, scopeClaims);
145 |                         } catch (InvalidJwtException | MalformedClaimException e) {
146 |                             logger.error("InvalidJwtException", e);
147 |                             setExchangeStatus(exchange, STATUS_INVALID_SCOPE_TOKEN);
148 |                             return;
149 |                         } catch (ExpiredTokenException e) {
150 |                             logger.error("ExpiredTokenException", e);
151 |                             setExchangeStatus(exchange, STATUS_SCOPE_TOKEN_EXPIRED);
152 |                             return;
153 |                         }
154 |                     }
155 | 
156 |                     // TODO find out which operation is accessed and what is the scope based one the convention.
157 |                     List<String> specScopes = null;
158 | 
159 |                     // validate scope
160 |                     if (scopeHeader != null) {
161 |                         if (secondaryScopes == null || !matchedScopes(secondaryScopes, specScopes)) {
162 |                             setExchangeStatus(exchange, STATUS_SCOPE_TOKEN_SCOPE_MISMATCH, secondaryScopes, specScopes);
163 |                             return;
164 |                         }
165 |                     } else {
166 |                         // no scope token, verify scope from auth token.
167 |                         List<String> primaryScopes = null;
168 |                         try {
169 |                             Object scopeClaim = claims.getClaimValue(Constants.SCOPE_STRING);
170 |                             if(scopeClaim instanceof String) {
171 |                                 primaryScopes = Arrays.asList(claims.getStringClaimValue(Constants.SCOPE_STRING).split(" "));
172 |                             } else if(scopeClaim instanceof List) {
173 |                                 primaryScopes = claims.getStringListClaimValue(Constants.SCOPE_STRING);
174 |                             }
175 |                             if(primaryScopes == null || primaryScopes.isEmpty()) {
176 |                                 // some IDPs like Okta and Microsoft call scope claim "scp" instead of "scope"
177 |                                 Object scpClaim = claims.getClaimValue(Constants.SCP_STRING);
178 |                                 if(scpClaim instanceof String) {
179 |                                     primaryScopes = Arrays.asList(claims.getStringClaimValue(Constants.SCP_STRING).split(" "));
180 |                                 } else if(scpClaim instanceof List) {
181 |                                     primaryScopes = claims.getStringListClaimValue(Constants.SCP_STRING);
182 |                                 }
183 |                             }
184 |                         } catch (MalformedClaimException e) {
185 |                             logger.error("MalformedClaimException", e);
186 |                             setExchangeStatus(exchange, STATUS_INVALID_AUTH_TOKEN);
187 |                             return;
188 |                         }
189 |                         if (!matchedScopes(primaryScopes, specScopes)) {
190 |                             setExchangeStatus(exchange, STATUS_AUTH_TOKEN_SCOPE_MISMATCH, primaryScopes, specScopes);
191 |                             return;
192 |                         }
193 |                     }
194 |                 }
195 |                 Handler.next(exchange, next);
196 |             } catch (InvalidJwtException e) {
197 |                 // only log it and unauthorized is returned.
198 |                 logger.error("InvalidJwtException: ", e);
199 |                 setExchangeStatus(exchange, STATUS_INVALID_AUTH_TOKEN);
200 |             } catch (ExpiredTokenException e) {
201 |                 logger.error("ExpiredTokenException", e);
202 |                 setExchangeStatus(exchange, STATUS_AUTH_TOKEN_EXPIRED);
203 |             }
204 |         } else {
205 |             setExchangeStatus(exchange, STATUS_MISSING_AUTH_TOKEN);
206 |         }
207 |     }
208 | 
209 |     protected boolean matchedScopes(List<String> jwtScopes, List<String> specScopes) {
210 |         boolean matched = false;
211 |         if(specScopes != null && specScopes.size() > 0) {
212 |             if(jwtScopes != null && jwtScopes.size() > 0) {
213 |                 for(String scope: specScopes) {
214 |                     if(jwtScopes.contains(scope)) {
215 |                         matched = true;
216 |                         break;
217 |                     }
218 |                 }
219 |             }
220 |         } else {
221 |             matched = true;
222 |         }
223 |         return matched;
224 |     }
225 | 
226 |     @Override
227 |     public HttpHandler getNext() {
228 |         return next;
229 |     }
230 | 
231 |     @Override
232 |     public MiddlewareHandler setNext(final HttpHandler next) {
233 |         Handlers.handlerNotNull(next);
234 |         this.next = next;
235 |         return this;
236 |     }
237 | 
238 |     @Override
239 |     public boolean isEnabled() {
240 |         return config.isEnableVerifyJwt();
241 |     }
242 | 
243 |     @Override
244 |     public void register() {
245 |         ModuleRegistry.registerModule(GRAPHQL_SECURITY_CONFIG, JwtVerifyHandler.class.getName(), Config.getNoneDecryptedInstance().getJsonMapConfigNoCache(GRAPHQL_SECURITY_CONFIG), null);
246 |     }
247 | 
248 |     @Override
249 |     public void reload() {
250 |         config.reload(GRAPHQL_SECURITY_CONFIG);
251 |         ModuleRegistry.registerModule(GRAPHQL_SECURITY_CONFIG, JwtVerifyHandler.class.getName(), Config.getNoneDecryptedInstance().getJsonMapConfigNoCache(GRAPHQL_SECURITY_CONFIG), null);
252 |     }
253 | 
254 |     @Override
255 |     public JwtVerifier getJwtVerifier() {
256 |         return jwtVerifier;
257 |     }
258 | }
259 | 


--------------------------------------------------------------------------------
/graphql-security/src/main/resources/config/graphql-security.yml:
--------------------------------------------------------------------------------
  1 | # Security configuration for graphql-security in light-graphql-4j. It is a specific config
  2 | # for GraphQL framework security. It is introduced to support multiple frameworks in the
  3 | # same server instance. If this file cannot be found, the generic security.yml will be
  4 | # loaded for backward compatibility.
  5 | ---
  6 | # Enable the JWT verification flag. The JwtVerifierHandler will skip the JWT token verification
  7 | # if this flag is false. It should only be set to false on the dev environment for testing
  8 | # purposes. If you have some endpoints that want to skip the JWT verification, you can put the
  9 | # request path prefix in skipPathPrefixes.
 10 | enableVerifyJwt: ${graphql-security.enableVerifyJwt:true}
 11 | 
 12 | # Enable the SWT verification flag. The SwtVerifierHandler will skip the SWT token verification
 13 | # if this flag is false. It should only be set to false on the dev environment for testing
 14 | # purposes. If you have some endpoints that want to skip the SWT verification, you can put the
 15 | # request path prefix in skipPathPrefixes.
 16 | enableVerifySwt: ${graphql-security.enableVerifySwt:false}
 17 | 
 18 | # swt clientId header name. When light-gateway is used and the consumer app does not want to save
 19 | # the client secret in the configuration file, it can be passed in the header.
 20 | swtClientIdHeader: ${security.swtClientIdHeader:swt-client}
 21 | # swt clientSecret header name. When light-gateway is used and the consumer app does not want to save
 22 | # the client secret in the configuration file, it can be passed in the header.
 23 | swtClientSecretHeader: ${graphql-security.swtClientSecretHeader:swt-secret}
 24 | 
 25 | # Extract JWT scope token from the X-Scope-Token header and validate the JWT token
 26 | enableExtractScopeToken: ${graphql-security.enableExtractScopeToken:true}
 27 | 
 28 | # Enable JWT scope verification. This flag is valid when enableVerifyJwt is true. When using the
 29 | # light gateway as a centralized gateway without backend API specifications, you can still enable
 30 | # this flag to allow the admin endpoints to have scopes verified. And all backend APIs without
 31 | # specifications skip the scope verification if the spec does not exist with the skipVerifyScopeWithoutSpec
 32 | # flag to true. Also, you need to have the openapi.yml specification file in the config folder to
 33 | # enable it, as the scope verification compares the scope from the JWT token and the scope in the
 34 | # endpoint specification.
 35 | enableVerifyScope: ${graphql-security.enableVerifyScope:true}
 36 | 
 37 | # Users should only use this flag in a shared light gateway if the backend API specifications are
 38 | # unavailable in the gateway config folder. If this flag is true and the enableVerifyScope is true,
 39 | # the security handler will invoke the scope verification for all endpoints. However, if the endpoint
 40 | # doesn't have a specification to retrieve the defined scopes, the handler will skip the scope verification.
 41 | skipVerifyScopeWithoutSpec: ${graphql-security.skipVerifyScopeWithoutSpec:false}
 42 | 
 43 | # If set true, the JWT verifier handler will pass if the JWT token is expired already. Unless
 44 | # you have a strong reason, please use it only on the dev environment if your OAuth 2 provider
 45 | # doesn't support long-lived token for dev environment or test automation.
 46 | ignoreJwtExpiry: ${graphql-security.ignoreJwtExpiry:false}
 47 | 
 48 | # set true if you want to allow http 1/1 connections to be upgraded to http/2 using the UPGRADE method (h2c).
 49 | # By default, this is set to false for security reasons. If you choose to enable it make sure you can handle http/2 w/o tls.
 50 | enableH2c: ${graphql-security.enableH2c:false}
 51 | 
 52 | # User for test only. should be always be false on official environment.
 53 | enableMockJwt: ${graphql-security.enableMockJwt:false}
 54 | 
 55 | # Enables relaxed verification for jwt. e.g. Disables key length requirements.
 56 | # Should be used in test environments only.
 57 | enableRelaxedKeyValidation: ${graphql-security.enableRelaxedKeyValidation:false}
 58 | 
 59 | # JWT signature public certificates. kid and certificate path mappings.
 60 | jwt:
 61 |   certificate: ${graphql-security.certificate:100=primary.crt&101=secondary.crt}
 62 | #    '100': primary.crt
 63 | #    '101': secondary.crt
 64 |   clockSkewInSeconds: ${graphql-security.clockSkewInSeconds:60}
 65 |   # Key distribution server standard: JsonWebKeySet for other OAuth 2.0 provider| X509Certificate for light-oauth2
 66 |   keyResolver: ${graphql-security.keyResolver:JsonWebKeySet}
 67 | 
 68 | # Enable or disable JWT token logging for audit. This is to log the entire token
 69 | # or choose the next option that only logs client_id, user_id and scope.
 70 | logJwtToken: ${graphql-security.logJwtToken:true}
 71 | 
 72 | # Enable or disable client_id, user_id and scope logging if you don't want to log
 73 | # the entire token. Choose this option or the option above.
 74 | logClientUserScope: ${graphql-security.logClientUserScope:false}
 75 | 
 76 | # Enable JWT token cache to speed up verification. This will only verify expired time
 77 | # and skip the signature verification as it takes more CPU power and a long time. If
 78 | # each request has a different jwt token, like authorization code flow, this indicator
 79 | # should be turned off. Otherwise, the cached jwt will only be removed after 15 minutes
 80 | # and the cache can grow bigger if the number of requests is very high. This will cause
 81 | # memory kill in a Kubernetes pod if the memory setting is limited.
 82 | enableJwtCache: ${graphql-security.enableJwtCache:true}
 83 | 
 84 | # If enableJwtCache is true, then an error message will be shown up in the log if the
 85 | # cache size is bigger than the jwtCacheFullSize. This helps the developers to detect
 86 | # cache problem if many distinct tokens flood the cache in a short period of time. If
 87 | # you see JWT cache exceeds the size limit in logs, you need to turn off the enableJwtCache
 88 | # or increase the cache full size to a bigger number from the default 100.
 89 | jwtCacheFullSize: ${graphql-security.jwtCacheFullSize:100}
 90 | 
 91 | # If you are using light-oauth2, then you don't need to have oauth subfolder for public
 92 | # key certificate to verify JWT token, the key will be retrieved from key endpoint once
 93 | # the first token is arrived. Default to false for dev environment without oauth2 server
 94 | # or official environment that use other OAuth 2.0 providers.
 95 | bootstrapFromKeyService: ${graphql-security.bootstrapFromKeyService:false}
 96 | 
 97 | # Used in light-oauth2 and oauth-kafka key service for federated deployment. Each instance
 98 | # will have a providerId, and it will be part of the kid to allow each instance to get the
 99 | # JWK from other instance based on the providerId in the kid.
100 | providerId: ${graphql-security.providerId:}
101 | 
102 | # Define a list of path prefixes to skip the security to ease the configuration for the
103 | # handler.yml so that users can define some endpoint without security even through it uses
104 | # the default chain. This is particularly useful in the light-gateway use case as the same
105 | # instance might be shared with multiple consumers and providers with different security
106 | # requirement. The format is a list of strings separated with commas or a JSON list in
107 | # values.yml definition from config server, or you can use yaml format in this file.
108 | skipPathPrefixes: ${graphql-security.skipPathPrefixes:}
109 | 
110 | # When light-gateway or http-sidecar is used for security, sometimes, we need to pass some
111 | # claims from the JWT or SWT to the backend API for further verification or audit. You can
112 | # select some claims to pass to the backend API with HTTP headers. The format is a map of
113 | # claim in the token and a header name that the downstream API is expecting. You can use
114 | # both JSON or YAML format.
115 | # When SwtVerifyHandler is used, the claim names are in https://github.com/networknt/light-4j/blob/master/client/src/main/java/com/networknt/client/oauth/TokenInfo.java
116 | # When JwtVerifyHandler is used, the claim names is the JwtClaims claimName.
117 | # YAML
118 | # graphql-security.passThroughClaims:
119 | #   clientId: client_id
120 | #   tokenType: token_type
121 | # JSON
122 | # graphql-security.passThroughClaims: {"clientId":"client_id","tokenType":"token_type"}
123 | passThroughClaims: ${graphql-security.passThroughClaims:}
124 | 


--------------------------------------------------------------------------------
/graphql-security/src/main/resources/config/primary.crt:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDmzCCAoOgAwIBAgIEHnAgtDANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJDQTEQMA4GA1UE
 3 | CBMHT250YXJpbzEUMBIGA1UEBxMLTWlzc2lzc2F1Z2ExJjAkBgNVBAoTHU5ldHdvcmsgTmV3IFRl
 4 | Y2hub2xvZ2llcyBJbmMuMQwwCgYDVQQLEwNERVYxETAPBgNVBAMTCFN0ZXZlIEh1MB4XDTE2MDkw
 5 | MTE2MTYxNVoXDTI2MDcxMTE2MTYxNVowfjELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFyaW8x
 6 | FDASBgNVBAcTC01pc3Npc3NhdWdhMSYwJAYDVQQKEx1OZXR3b3JrIE5ldyBUZWNobm9sb2dpZXMg
 7 | SW5jLjEMMAoGA1UECxMDREVWMREwDwYDVQQDEwhTdGV2ZSBIdTCCASIwDQYJKoZIhvcNAQEBBQAD
 8 | ggEPADCCAQoCggEBALrlxMtDb60DogElf4TBz504tRheZimAE0dJL/Yby4nacJdqvc5l4z+WWpDf
 9 | rI9krQ2Yi9yvhwAP+PrR6gWcIqWP4cpNE7XIAUDgr4CtyI7CptT/lpjtbkz4DGCMmaeDn0jqHqJt
10 | SeSZGfwVu5zAGm8n4sHatjnnxBI/iWzkTII3V4xv0WeK37szNTEd+ly2ag7n2IV5zNnYmqZTeMQm
11 | J2ENS+IwAG3ENtiVtrVTx/2bGtqutJjtdxsN58/cUG/guRyMT6OPI8Yi3ZzevdvRbxadyhEl/Kaw
12 | 6vJcdxmJI3tp4lx+p6sAxOWa7aapJe4JxutAQqzv0GKdVjoHKQ1wB60CAwEAAaMhMB8wHQYDVR0O
13 | BBYEFIPF9SBd06RWU1eDL73CKfy01lavMA0GCSqGSIb3DQEBCwUAA4IBAQAoaKZGOak3Upz/ordF
14 | slZoJuZlCu7jnKQEjYwHf3DNxcd1WmgFPtMcna6pW0VUxPIfidEA6VCMsGoK1RvshB0SjrRdCht6
15 | 5qPXs9kV3NW0WvMiwDSYZZ9HgaZ9efTe5E9Fzc7ltKrE43L6k8NJcaEEWEdpdjFbrAqH4I+j/Vro
16 | K3OhIo062fXjas5ipL4gF+3ECImjWzirQP8UiAfM0/36x7rtAu3btH/qI9hSyx39LBPPE5AsDJZ4
17 | dSMwNTW1gqmBAZIj+zQ/RD5dyWfPwON7Q+t96YbK6WBuYo0xy+I+PjcUgrWYWP3N24hlq8ZBIei+
18 | BudoEVJlIlmS0aRCuP8n
19 | -----END CERTIFICATE-----
20 | 


--------------------------------------------------------------------------------
/graphql-security/src/main/resources/config/secondary.crt:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDkzCCAnugAwIBAgIEUBGbJDANBgkqhkiG9w0BAQsFADB6MQswCQYDVQQGEwJDQTEQMA4GA1UE
 3 | CBMHT250YXJpbzEQMA4GA1UEBxMHVG9yb250bzEmMCQGA1UEChMdTmV0d29yayBOZXcgVGVjaG5v
 4 | bG9naWVzIEluYy4xDDAKBgNVBAsTA0FQSTERMA8GA1UEAxMIU3RldmUgSHUwHhcNMTYwOTIyMjI1
 5 | OTIxWhcNMjYwODAxMjI1OTIxWjB6MQswCQYDVQQGEwJDQTEQMA4GA1UECBMHT250YXJpbzEQMA4G
 6 | A1UEBxMHVG9yb250bzEmMCQGA1UEChMdTmV0d29yayBOZXcgVGVjaG5vbG9naWVzIEluYy4xDDAK
 7 | BgNVBAsTA0FQSTERMA8GA1UEAxMIU3RldmUgSHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
 8 | AoIBAQCqYfarFwug2DwpG/mmcW77OluaHVNsKEVJ/BptLp5suJAH/Z70SS5pwM4x2QwMOVO2ke8U
 9 | rsAws8allxcuKXrbpVt4evpO1Ly2sFwqB1bjN3+VMp6wcT+tSjzYdVGFpQAYHpeA+OLuoHtQyfpB
10 | 0KCveTEe3KAG33zXDNfGKTGmupZ3ZfmBLINoey/X13rY71ITt67AY78VHUKb+D53MBahCcjJ9YpJ
11 | UHG+Sd3d4oeXiQcqJCBCVpD97awWARf8WYRIgU1xfCe06wQ3CzH3+GyfozLeu76Ni5PwE1tm7Dhg
12 | EDSSZo5khmzVzo4G0T2sOeshePc5weZBNRHdHlJA0L0fAgMBAAGjITAfMB0GA1UdDgQWBBT9rnek
13 | spnrFus5wTszjdzYgKll9TANBgkqhkiG9w0BAQsFAAOCAQEAT8udTfUGBgeWbN6ZAXRI64VsSJj5
14 | 1sNUN1GPDADLxZF6jArKU7LjBNXn9bG5VjJqlx8hQ1SNvi/t7FqBRCUt/3MxDmGZrVZqLY1kZ2e7
15 | x+5RykbspA8neEUtU8sOr/NP3O5jBjU77EVec9hNNT5zwKLevZNL/Q5mfHoc4GrIAolQvi/5fEqC
16 | 8OMdOIWS6sERgjaeI4tXxQtHDcMo5PeLW0/7t5sgEsadZ+pkdeEMVTmLfgf97bpNNI7KF5uEbYnQ
17 | NpwCT+NNC5ACmJmKidrfW23kml1C7vr7YzTevw9QuH/hN8l/Rh0fr+iPEVpgN6Zv00ymoKGmjuuW
18 | owVmdKg/0w==
19 | -----END CERTIFICATE-----
20 | 


--------------------------------------------------------------------------------
/graphql-security/src/test/java/com/networknt/graphql/security/JwtVerifyHandlerTest.java:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Copyright (c) 2016 Network New Technologies Inc.
  3 |  *
  4 |  * Licensed under the Apache License, Version 2.0 (the "License");
  5 |  * You may not use this file except in compliance with the License.
  6 |  * You may obtain a copy of the License at
  7 |  *
  8 |  *      http://www.apache.org/licenses/LICENSE-2.0
  9 |  *
 10 |  * Unless required by applicable law or agreed to in writing, software
 11 |  * distributed under the License is distributed on an "AS IS" BASIS,
 12 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13 |  * See the License for the specific language governing permissions and
 14 |  * limitations under the License.
 15 |  */
 16 | 
 17 | package com.networknt.graphql.security;
 18 | 
 19 | import com.networknt.client.Http2Client;
 20 | import com.networknt.exception.ClientException;
 21 | import io.undertow.Handlers;
 22 | import io.undertow.Undertow;
 23 | import io.undertow.client.ClientConnection;
 24 | import io.undertow.client.ClientRequest;
 25 | import io.undertow.client.ClientResponse;
 26 | import io.undertow.server.HttpHandler;
 27 | import io.undertow.server.RoutingHandler;
 28 | import io.undertow.util.Headers;
 29 | import io.undertow.util.HttpString;
 30 | import io.undertow.util.Methods;
 31 | import org.apache.commons.text.StringEscapeUtils;
 32 | import org.junit.AfterClass;
 33 | import org.junit.Assert;
 34 | import org.junit.BeforeClass;
 35 | import org.junit.Test;
 36 | import org.slf4j.Logger;
 37 | import org.slf4j.LoggerFactory;
 38 | import org.xnio.IoUtils;
 39 | import org.xnio.OptionMap;
 40 | 
 41 | import java.net.URI;
 42 | import java.util.HashMap;
 43 | import java.util.Map;
 44 | import java.util.concurrent.CountDownLatch;
 45 | import java.util.concurrent.atomic.AtomicReference;
 46 | 
 47 | /**
 48 |  * Test case for security handler of light-graphql-4j
 49 |  *
 50 |  * @author Steve Hu
 51 |  */
 52 | public class JwtVerifyHandlerTest {
 53 |     static final Logger logger = LoggerFactory.getLogger(JwtVerifyHandlerTest.class);
 54 | 
 55 |     static Undertow server1 = null;
 56 |     static Undertow server2 = null;
 57 |     @BeforeClass
 58 |     public static void setUp() {
 59 |         if(server1 == null) {
 60 |             logger.info("starting server1");
 61 |             HttpHandler handler = getTestHandler();
 62 |             JwtVerifyHandler jwtVerifyHandler = new JwtVerifyHandler();
 63 |             jwtVerifyHandler.setNext(handler);
 64 |             server1 = Undertow.builder()
 65 |                     .addHttpListener(7080, "localhost")
 66 |                     .setHandler(jwtVerifyHandler)
 67 |                     .build();
 68 |             server1.start();
 69 |         }
 70 |         if(server2 == null) {
 71 |             logger.info("starting server2");
 72 |             HttpHandler handler = getJwksHandler();
 73 |             server2 = Undertow.builder()
 74 |                     .addHttpListener(7081, "localhost")
 75 |                     .setHandler(handler)
 76 |                     .build();
 77 |             server2.start();
 78 |         }
 79 |     }
 80 | 
 81 |     @AfterClass
 82 |     public static void tearDown() throws Exception {
 83 |         if(server1 != null) {
 84 |             try {
 85 |                 Thread.sleep(100);
 86 |             } catch (InterruptedException ignored) {
 87 | 
 88 |             }
 89 |             server1.stop();
 90 |             logger.info("The server1 is stopped.");
 91 |         }
 92 |         if(server2 != null) {
 93 |             try {
 94 |                 Thread.sleep(100);
 95 |             } catch (InterruptedException ignored) {
 96 | 
 97 |             }
 98 |             server2.stop();
 99 |             logger.info("The server2 is stopped.");
100 |         }
101 | 
102 |     }
103 | 
104 |     static RoutingHandler getJwksHandler() {
105 |         return Handlers.routing()
106 |                 .add(Methods.GET, "/oauth2/N2CMw0HGQXeLvC1wBfln2A/keys", exchange -> {
107 |                     exchange.getResponseHeaders().add(new HttpString("Content-Type"), "application/json");
108 |                     exchange.getResponseSender().send("{\"keys\":[{\"kty\":\"RSA\",\"use\":\"sig\",\"kid\":\"Tj_l_tIBTginOtQbL0Pv5w\",\"n\":\"0YRbWAb1FGDpPUUcrIpJC6BwlswlKMS-z2wMAobdo0BNxNa7hG_gIHVPkXu14Jfo1JhUhS4wES3DdY3a6olqPcRN1TCCUVHd-1TLd1BBS-yq9tdJ6HCewhe5fXonaRRKwutvoH7i_eR4m3fQ1GoVzVAA3IngpTr4ptnM3Ef3fj-5wZYmitzrRUyQtfARTl3qGaXP_g8pHFAP0zrNVvOnV-jcNMKm8YZNcgcs1SuLSFtUDXpf7Nr2_xOhiNM-biES6Dza1sMLrlxULFuctudO9lykB7yFh3LHMxtIZyIUHuy0RbjuOGC5PmDowLttZpPI_j4ynJHAaAWr8Ddz764WdQ\",\"e\":\"AQAB\"}]}");
109 |                 });
110 | 
111 |     }
112 | 
113 |     static RoutingHandler getTestHandler() {
114 |         return Handlers.routing()
115 |                 .add(Methods.GET, "/v2/pet/{petId}", exchange -> {
116 |                     Map<String, Object> examples = new HashMap<>();
117 |                     examples.put("application/xml", StringEscapeUtils.unescapeHtml4("&lt;Pet&gt;  &lt;id&gt;123456&lt;/id&gt;  &lt;name&gt;doggie&lt;/name&gt;  &lt;photoUrls&gt;    &lt;photoUrls&gt;string&lt;/photoUrls&gt;  &lt;/photoUrls&gt;  &lt;tags&gt;  &lt;/tags&gt;  &lt;status&gt;string&lt;/status&gt;&lt;/Pet&gt;"));
118 |                     examples.put("application/json", StringEscapeUtils.unescapeHtml4("{  &quot;photoUrls&quot; : [ &quot;aeiou&quot; ],  &quot;name&quot; : &quot;doggie&quot;,  &quot;id&quot; : 123456789,  &quot;category&quot; : {    &quot;name&quot; : &quot;aeiou&quot;,    &quot;id&quot; : 123456789  },  &quot;tags&quot; : [ {    &quot;name&quot; : &quot;aeiou&quot;,    &quot;id&quot; : 123456789  } ],  &quot;status&quot; : &quot;aeiou&quot;}"));
119 |                     if(examples.size() > 0) {
120 |                         exchange.getResponseHeaders().add(new HttpString("Content-Type"), "application/json");
121 |                         exchange.getResponseSender().send((String)examples.get("application/json"));
122 |                     } else {
123 |                         exchange.endExchange();
124 |                     }
125 |                 })
126 |                 .add(Methods.GET, "/oauth2/N2CMw0HGQXeLvC1wBfln2A/keys", exchange -> {
127 |                     exchange.getResponseHeaders().add(new HttpString("Content-Type"), "application/json");
128 |                     exchange.getResponseSender().send("{\"keys\":[{\"kty\":\"RSA\",\"use\":\"sig\",\"kid\":\"Tj_l_tIBTginOtQbL0Pv5w\",\"n\":\"0YRbWAb1FGDpPUUcrIpJC6BwlswlKMS-z2wMAobdo0BNxNa7hG_gIHVPkXu14Jfo1JhUhS4wES3DdY3a6olqPcRN1TCCUVHd-1TLd1BBS-yq9tdJ6HCewhe5fXonaRRKwutvoH7i_eR4m3fQ1GoVzVAA3IngpTr4ptnM3Ef3fj-5wZYmitzrRUyQtfARTl3qGaXP_g8pHFAP0zrNVvOnV-jcNMKm8YZNcgcs1SuLSFtUDXpf7Nr2_xOhiNM-biES6Dza1sMLrlxULFuctudO9lykB7yFh3LHMxtIZyIUHuy0RbjuOGC5PmDowLttZpPI_j4ynJHAaAWr8Ddz764WdQ\",\"e\":\"AQAB\"}]}");
129 |                 })
130 |                 .add(Methods.GET, "/v2/pet", exchange -> exchange.getResponseSender().send("get"));
131 |     }
132 | 
133 |     @Test
134 |     public void testWithRightScopeInIdToken() throws Exception {
135 |         final Http2Client client = Http2Client.getInstance();
136 |         final CountDownLatch latch = new CountDownLatch(1);
137 |         final ClientConnection connection;
138 |         try {
139 |             connection = client.connect(new URI("http://localhost:7080"), Http2Client.WORKER, Http2Client.SSL, Http2Client.BUFFER_POOL, OptionMap.EMPTY).get();
140 |         } catch (Exception e) {
141 |             throw new ClientException(e);
142 |         }
143 |         final AtomicReference<ClientResponse> reference = new AtomicReference<>();
144 |         try {
145 |             ClientRequest request = new ClientRequest().setPath("/v2/pet/111").setMethod(Methods.GET);
146 |             request.getRequestHeaders().put(Headers.HOST, "localhost");
147 |             request.getRequestHeaders().put(Headers.AUTHORIZATION, "Bearer eyJraWQiOiJUal9sX3RJQlRnaW5PdFFiTDBQdjV3IiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJ1cm46Y29tOm5ldHdvcmtudDpvYXV0aDI6djEiLCJhdWQiOiJ1cm46Y29tLm5ldHdvcmtudCIsImV4cCI6MjAxOTc4MDgxMywianRpIjoiWXkyN3VMa2FhaXlBRzZoazR5a2JtZyIsImlhdCI6MTcwNDQyMDgxMywibmJmIjoxNzA0NDIwNjkzLCJ2ZXJzaW9uIjoiJzEuMCciLCJ1c2VyX2lkIjoic3RldmUiLCJ1c2VyX3R5cGUiOiJFTVBMT1lFRSIsImNsaWVudF9pZCI6ImY3ZDQyMzQ4LWM2NDctNGVmYi1hNTJkLTRjNTc4NzQyMWU3MiIsInJvbGVzIjoidXNlciIsInNjb3BlIjpbIndyaXRlOnBldHMiLCJyZWFkOnBldHMiXX0.o4WIuyAZ1SBsWSDfMnOjPtB9fuf53boMLlxAAfoZBYD33BlN5FZI4tA59KDxIH39dnwCpsr4Bsx3jT2FMZ_zvXdH1PLZGYnVQN9u5nKXjvfEEJgHHN8KY8lWMdLjLYIZgPLXpeOIiU0SXoF2-mEB_Pb4FqfaF4vPySGjLygMX6AHqTRlVXVWgrITDWxJfaBF8iCQ3K4FZyHNvMqyn2QpUwj9QI7_yccCTi2sWPxp2J4HcBj2CHmiM1RfWmwCyeOkw5rhQBrJThAjal6eqSUtJoiZ5XKiD3VQBzsL0Vhemk5xUenyCzmCCAC-T4geQ-rpTSRAKB5b2918yK5sxBrQ0A");
148 |             connection.sendRequest(request, client.createClientCallback(reference, latch));
149 |             latch.await();
150 |         } catch (Exception e) {
151 |             logger.error("Exception: ", e);
152 |             throw new ClientException(e);
153 |         } finally {
154 |             IoUtils.safeClose(connection);
155 |         }
156 |         int statusCode = reference.get().getResponseCode();
157 |         String body = reference.get().getAttachment(Http2Client.RESPONSE_BODY);
158 |         Assert.assertEquals(200, statusCode);
159 |         if(statusCode == 200) {
160 |             Assert.assertNotNull(body);
161 |         }
162 |     }
163 | }
164 | 


--------------------------------------------------------------------------------
/graphql-security/src/test/resources/config/client.truststore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/networknt/light-graphql-4j/b32c44147dafa811ec2e697396d2f7bf62acd50f/graphql-security/src/test/resources/config/client.truststore


--------------------------------------------------------------------------------
/graphql-security/src/test/resources/config/values.yml:
--------------------------------------------------------------------------------
1 | # client.yml
2 | client.tokenKeyServerUrl: http://localhost:7081
3 | client.tokenKeyUri: /oauth2/N2CMw0HGQXeLvC1wBfln2A/keys
4 | # graphql-security.yml
5 | graphql-security.skipPathPrefixes:
6 |   - /oauth2
7 | 


--------------------------------------------------------------------------------
/graphql-security/src/test/resources/logback-test.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <!--
 3 |   ~ Copyright (c) 2016 Network New Technologies Inc.
 4 |   ~
 5 |   ~ Licensed under the Apache License, Version 2.0 (the "License");
 6 |   ~ You may not use this file except in compliance with the License.
 7 |   ~ You may obtain a copy of the License at
 8 |   ~
 9 |   ~      http://www.apache.org/licenses/LICENSE-2.0
10 |   ~
11 |   ~ Unless required by applicable law or agreed to in writing, software
12 |   ~ distributed under the License is distributed on an "AS IS" BASIS,
13 |   ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 |   ~ See the License for the specific language governing permissions and
15 |   ~ limitations under the License.
16 |   -->
17 | 
18 | <configuration>
19 |     TODO create logger for audit only.
20 |     http://stackoverflow.com/questions/2488558/logback-to-log-different-messages-to-two-files
21 |     <turboFilter class="ch.qos.logback.classic.turbo.MarkerFilter">
22 |         <Marker>PROFILER</Marker>
23 |         <!--<OnMatch>DENY</OnMatch>-->
24 |         <OnMatch>NEUTRAL</OnMatch>
25 |     </turboFilter>
26 | 
27 |     <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
28 |     <!-- encoders are assigned the type
29 |          ch.qos.logback.classic.encoder.PatternLayoutEncoder by default -->
30 |         <encoder>
31 |             <pattern>%d{HH:mm:ss.SSS} [%thread] %-5marker %-5level %logger{36} - %msg%n</pattern>
32 |         </encoder>
33 |     </appender>
34 | 
35 |     <appender name="log" class="ch.qos.logback.core.FileAppender">
36 |         <File>target/test.log</File>
37 |         <Append>false</Append>
38 |         <layout class="ch.qos.logback.classic.PatternLayout">
39 |             <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %class{36}:%L %M - %msg%n</Pattern>
40 |         </layout>
41 |     </appender>
42 | 
43 |     <!--audit log-->
44 |     <appender name="audit" class="ch.qos.logback.core.rolling.RollingFileAppender">
45 |         <file>target/audit.log</file> <!-- logfile location -->
46 |         <encoder>
47 |             <pattern>%-5level [%thread] %date{ISO8601} %F:%L - %msg%n</pattern> <!-- the layout pattern used to format log entries -->
48 |             <immediateFlush>true</immediateFlush>
49 |         </encoder>
50 |         <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
51 |             <fileNamePattern>target/audit.log.%i.zip</fileNamePattern>
52 |             <minIndex>1</minIndex>
53 |             <maxIndex>5</maxIndex> <!-- max number of archived logs that are kept -->
54 |         </rollingPolicy>
55 |         <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
56 |             <maxFileSize>200MB</maxFileSize> <!-- The size of the logfile that triggers a switch to a new logfile, and the current one archived -->
57 |         </triggeringPolicy>
58 |     </appender>
59 | 
60 |     <root level="trace">
61 |         <appender-ref ref="stdout" />
62 |     </root>
63 | 
64 |     <logger name="com.networknt" level="trace">
65 |         <appender-ref ref="log"/>
66 |     </logger>
67 | 
68 |     <logger name="Audit" level="trace" additivity="false">
69 |         <appender-ref ref="audit"/>
70 |     </logger>
71 | 
72 | </configuration>
73 | 


--------------------------------------------------------------------------------
/graphql-validator/pom.xml:
--------------------------------------------------------------------------------
 1 | <!--
 2 |   ~ Copyright (c) 2016 Network New Technologies Inc.
 3 |   ~
 4 |   ~ Licensed under the Apache License, Version 2.0 (the "License");
 5 |   ~ You may not use this file except in compliance with the License.
 6 |   ~ You may obtain a copy of the License at
 7 |   ~
 8 |   ~      http://www.apache.org/licenses/LICENSE-2.0
 9 |   ~
10 |   ~ Unless required by applicable law or agreed to in writing, software
11 |   ~ distributed under the License is distributed on an "AS IS" BASIS,
12 |   ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 |   ~ See the License for the specific language governing permissions and
14 |   ~ limitations under the License.
15 |   -->
16 | 
17 | <project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
18 |          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
19 |     <modelVersion>4.0.0</modelVersion>
20 | 
21 |     <parent>
22 |         <groupId>com.networknt</groupId>
23 |         <artifactId>light-graphql-4j</artifactId>
24 |         <version>2.2.3-SNAPSHOT</version>
25 |         <relativePath>../pom.xml</relativePath>
26 |     </parent>
27 | 
28 |     <artifactId>graphql-validator</artifactId>
29 |     <packaging>jar</packaging>
30 |     <name>graphql-validator</name>
31 |     <description>A validator handler for GraphQL endpoints</description>
32 | 
33 |     <dependencies>
34 |         <dependency>
35 |             <groupId>com.networknt</groupId>
36 |             <artifactId>graphql-common</artifactId>
37 |         </dependency>
38 |         <dependency>
39 |             <groupId>com.networknt</groupId>
40 |             <artifactId>config</artifactId>
41 |         </dependency>
42 |         <dependency>
43 |             <groupId>com.networknt</groupId>
44 |             <artifactId>handler</artifactId>
45 |         </dependency>
46 |         <dependency>
47 |             <groupId>com.networknt</groupId>
48 |             <artifactId>status</artifactId>
49 |         </dependency>
50 |         <dependency>
51 |             <groupId>com.networknt</groupId>
52 |             <artifactId>utility</artifactId>
53 |         </dependency>
54 |         <dependency>
55 |             <groupId>io.undertow</groupId>
56 |             <artifactId>undertow-core</artifactId>
57 |         </dependency>
58 |         <dependency>
59 |             <groupId>com.fasterxml.jackson.core</groupId>
60 |             <artifactId>jackson-databind</artifactId>
61 |         </dependency>
62 |         <dependency>
63 |             <groupId>org.slf4j</groupId>
64 |             <artifactId>slf4j-api</artifactId>
65 |         </dependency>
66 | 
67 |         <dependency>
68 |             <groupId>com.networknt</groupId>
69 |             <artifactId>client</artifactId>
70 |             <scope>test</scope>
71 |         </dependency>
72 |         <dependency>
73 |             <groupId>ch.qos.logback</groupId>
74 |             <artifactId>logback-classic</artifactId>
75 |             <scope>test</scope>
76 |         </dependency>
77 |         <dependency>
78 |             <groupId>junit</groupId>
79 |             <artifactId>junit</artifactId>
80 |             <scope>test</scope>
81 |         </dependency>
82 |     </dependencies>
83 | 
84 | </project>
85 | 


--------------------------------------------------------------------------------
/graphql-validator/src/main/java/com/networknt/graphql/validator/ValidatorConfig.java:
--------------------------------------------------------------------------------
 1 | package com.networknt.graphql.validator;
 2 | 
 3 | import com.networknt.config.Config;
 4 | 
 5 | import java.util.Map;
 6 | 
 7 | /**
 8 |  * GraphQL validator configuration class
 9 |  *
10 |  * @author Steve Hu
11 |  */
12 | public class ValidatorConfig {
13 |     public static final String CONFIG_NAME = "graphql-validator";
14 |     public static final String ENABLED = "enabled";
15 |     public static final String LOG_ERROR = "logError";
16 | 
17 |     private boolean enabled;
18 |     private boolean logError;
19 | 
20 |     private Map<String, Object> mappedConfig;
21 |     private final Config config;
22 | 
23 |     private ValidatorConfig(String configName) {
24 |         config = Config.getInstance();
25 |         mappedConfig = config.getJsonMapConfigNoCache(configName);
26 |         setConfigData();
27 |     }
28 |     private ValidatorConfig() {
29 |         this(CONFIG_NAME);
30 |     }
31 | 
32 |     public static ValidatorConfig load(String configName) {
33 |         return new ValidatorConfig(configName);
34 |     }
35 | 
36 |     public static ValidatorConfig load() {
37 |         return new ValidatorConfig();
38 |     }
39 | 
40 |     public void reload() {
41 |         mappedConfig = config.getJsonMapConfigNoCache(CONFIG_NAME);
42 |         setConfigData();
43 |     }
44 | 
45 |     public void reload(String configName) {
46 |         mappedConfig = config.getJsonMapConfigNoCache(configName);
47 |         setConfigData();
48 |     }
49 | 
50 |     public boolean isEnabled() {
51 |         return enabled;
52 |     }
53 | 
54 |     public void setEnabled(boolean enabled) {
55 |         this.enabled = enabled;
56 |     }
57 | 
58 |     public boolean isLogError() { return logError; }
59 | 
60 |     public void setLogError(boolean logError) { this.logError = logError; }
61 | 
62 |     public Map<String, Object> getMappedConfig() {
63 |         return mappedConfig;
64 |     }
65 | 
66 |     private void setConfigData() {
67 |         if(getMappedConfig() != null) {
68 |             Object object = getMappedConfig().get(ENABLED);
69 |             if(object != null) enabled = Config.loadBooleanValue(ENABLED, object);
70 |             object = getMappedConfig().get(LOG_ERROR);
71 |             if(object != null) logError = Config.loadBooleanValue(LOG_ERROR, object);
72 |         }
73 |     }
74 | 
75 | }
76 | 


--------------------------------------------------------------------------------
/graphql-validator/src/main/java/com/networknt/graphql/validator/ValidatorHandler.java:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Copyright (c) 2016 Network New Technologies Inc.
  3 |  *
  4 |  * Licensed under the Apache License, Version 2.0 (the "License");
  5 |  * You may not use this file except in compliance with the License.
  6 |  * You may obtain a copy of the License at
  7 |  *
  8 |  *      http://www.apache.org/licenses/LICENSE-2.0
  9 |  *
 10 |  * Unless required by applicable law or agreed to in writing, software
 11 |  * distributed under the License is distributed on an "AS IS" BASIS,
 12 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13 |  * See the License for the specific language governing permissions and
 14 |  * limitations under the License.
 15 |  */
 16 | 
 17 | package com.networknt.graphql.validator;
 18 | 
 19 | import com.fasterxml.jackson.core.type.TypeReference;
 20 | import com.networknt.config.Config;
 21 | import com.networknt.graphql.common.GraphqlUtil;
 22 | import com.networknt.handler.Handler;
 23 | import com.networknt.handler.MiddlewareHandler;
 24 | import com.networknt.status.Status;
 25 | import com.networknt.utility.ModuleRegistry;
 26 | import io.undertow.Handlers;
 27 | import io.undertow.server.HttpHandler;
 28 | import io.undertow.server.HttpServerExchange;
 29 | import io.undertow.util.Headers;
 30 | import io.undertow.util.HttpString;
 31 | import io.undertow.util.Methods;
 32 | import org.slf4j.Logger;
 33 | import org.slf4j.LoggerFactory;
 34 | 
 35 | import java.util.Deque;
 36 | import java.util.HashMap;
 37 | import java.util.Map;
 38 | 
 39 | /**
 40 |  * This is a validator middleware handler for GraphQL. It validate the following:
 41 |  *
 42 |  * 1. The path is /graphql
 43 |  * 2. Method must be get, post, or options (for introspection)
 44 |  * 3. The query parameter is a valid GraphQL query
 45 |  * 4. The body is a valid GraphQL json body
 46 |  *
 47 |  * @author Steve Hu
 48 |  *
 49 |  */
 50 | public class ValidatorHandler implements MiddlewareHandler {
 51 |     public static final String GRAPHQL_CONFIG_NAME = "graphql-validator";
 52 |     public static final String CONFIG_NAME = "validator";
 53 | 
 54 |     static final String STATUS_GRAPHQL_INVALID_PATH = "ERR11500";
 55 |     static final String STATUS_GRAPHQL_INVALID_METHOD = "ERR11501";
 56 | 
 57 |     static final Logger logger = LoggerFactory.getLogger(ValidatorHandler.class);
 58 | 
 59 |     static ValidatorConfig config;
 60 | 
 61 |     private volatile HttpHandler next;
 62 | 
 63 |     public ValidatorHandler() {
 64 |         if(logger.isDebugEnabled()) logger.debug("ValidatorHandler is constructed");
 65 |         config = ValidatorConfig.load(GRAPHQL_CONFIG_NAME);
 66 |     }
 67 | 
 68 |     @Override
 69 |     public void handleRequest(final HttpServerExchange exchange) throws Exception {
 70 |         String path = exchange.getRequestPath();
 71 |         if(!path.equals(GraphqlUtil.config.getPath()) && !path.equals(GraphqlUtil.config.getSubscriptionsPath())) {
 72 |             // invalid GraphQL path
 73 |             setExchangeStatus(exchange, STATUS_GRAPHQL_INVALID_PATH, path, GraphqlUtil.config.getPath());
 74 |             return;
 75 |         }
 76 |         // verify the method is get or post.
 77 |         HttpString method = exchange.getRequestMethod();
 78 |         if(Methods.GET.equals(method)) {
 79 |             // validate query parameter exists
 80 |             Map<String, Deque<String>> queryParameters = exchange.getQueryParameters();
 81 |             final Map<String, Object> requestParameters = new HashMap<>();
 82 |             queryParameters.forEach((k, v) -> requestParameters.put(k, v.getFirst()));
 83 |             exchange.putAttachment(GraphqlUtil.GRAPHQL_PARAMS, requestParameters);
 84 |             Handler.next(exchange, next);
 85 |         } else if(Methods.POST.equals(method) || Methods.OPTIONS.equals(method)) {
 86 |             exchange.getRequestReceiver().receiveFullString((exchange1, s) -> {
 87 |                 try {
 88 |                     logger.debug("s = " + s);
 89 |                     if (s != null && s.length() > 0) {
 90 |                         Map<String, Object> requestParameters = Config.getInstance().getMapper().readValue(s,
 91 |                                 new TypeReference<HashMap<String, Object>>() {
 92 |                                 });
 93 |                         logger.debug("requestParameters = " + requestParameters);
 94 |                         exchange1.putAttachment(GraphqlUtil.GRAPHQL_PARAMS, requestParameters);
 95 |                     }
 96 |                     Handler.next(exchange1, next);
 97 |                 } catch (Exception e) {
 98 |                     e.printStackTrace();
 99 |                 }
100 |             });
101 | 
102 |         } else {
103 |             // invalid GraphQL method
104 |             Status status = new Status(STATUS_GRAPHQL_INVALID_METHOD, method);
105 |             logger.error("ValidationError:" + status.toString());
106 |             exchange.setStatusCode(status.getStatusCode());
107 |             exchange.getResponseHeaders().put(Headers.ALLOW, "GET, POST, OPTIONS");
108 |             exchange.getResponseHeaders().put(Headers.CONTENT_TYPE, "application/json");
109 |             exchange.getResponseSender().send(status.toString());
110 |         }
111 |     }
112 | 
113 |     @Override
114 |     public HttpHandler getNext() {
115 |         return next;
116 |     }
117 | 
118 |     @Override
119 |     public MiddlewareHandler setNext(final HttpHandler next) {
120 |         Handlers.handlerNotNull(next);
121 |         this.next = next;
122 |         return this;
123 |     }
124 | 
125 |     @Override
126 |     public boolean isEnabled() {
127 |         return config.isEnabled();
128 |     }
129 | 
130 |     @Override
131 |     public void register() {
132 |         ModuleRegistry.registerModule(GRAPHQL_CONFIG_NAME, ValidatorHandler.class.getName(), Config.getNoneDecryptedInstance().getJsonMapConfigNoCache(GRAPHQL_CONFIG_NAME), null);
133 |     }
134 | 
135 |     @Override
136 |     public void reload() {
137 |         config.reload(GRAPHQL_CONFIG_NAME);
138 |         ModuleRegistry.registerModule(GRAPHQL_CONFIG_NAME, ValidatorHandler.class.getName(), Config.getNoneDecryptedInstance().getJsonMapConfigNoCache(GRAPHQL_CONFIG_NAME), null);
139 |     }
140 | 
141 | }
142 | 


--------------------------------------------------------------------------------
/graphql-validator/src/main/resources/config/graphql-validator.yml:
--------------------------------------------------------------------------------
 1 | # A light-graphql-4j framework specific validator configuration. It is introduced to support multiple
 2 | # frameworks in the same server instance and it is recommended. The old validator.yml will be loaded
 3 | # if graphql-validator.yml cannot be found for backward compatibility and it might be removed in the
 4 | # next major release.
 5 | ---
 6 | # Enable request validation against the specification
 7 | enabled: ${graphql-validator:true}
 8 | # Log error message if validation error occurs
 9 | logError: ${graphql-validator:true}
10 | 


--------------------------------------------------------------------------------
/graphql-validator/src/test/java/com/networknt/graphql/validator/ValidatorHandlerTest.java:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Copyright (c) 2016 Network New Technologies Inc.
  3 |  *
  4 |  * Licensed under the Apache License, Version 2.0 (the "License");
  5 |  * You may not use this file except in compliance with the License.
  6 |  * You may obtain a copy of the License at
  7 |  *
  8 |  *      http://www.apache.org/licenses/LICENSE-2.0
  9 |  *
 10 |  * Unless required by applicable law or agreed to in writing, software
 11 |  * distributed under the License is distributed on an "AS IS" BASIS,
 12 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13 |  * See the License for the specific language governing permissions and
 14 |  * limitations under the License.
 15 |  */
 16 | 
 17 | package com.networknt.graphql.validator;
 18 | 
 19 | import com.networknt.client.Http2Client;
 20 | import com.networknt.config.Config;
 21 | import com.networknt.status.Status;
 22 | import com.networknt.exception.ClientException;
 23 | import io.undertow.Handlers;
 24 | import io.undertow.Undertow;
 25 | import io.undertow.client.ClientConnection;
 26 | import io.undertow.client.ClientRequest;
 27 | import io.undertow.client.ClientResponse;
 28 | import io.undertow.server.HttpHandler;
 29 | import io.undertow.server.RoutingHandler;
 30 | import io.undertow.util.Headers;
 31 | import io.undertow.util.Methods;
 32 | import org.junit.AfterClass;
 33 | import org.junit.Assert;
 34 | import org.junit.BeforeClass;
 35 | import org.junit.Test;
 36 | import org.slf4j.Logger;
 37 | import org.slf4j.LoggerFactory;
 38 | import org.xnio.IoUtils;
 39 | import org.xnio.OptionMap;
 40 | 
 41 | import java.net.URI;
 42 | import java.util.concurrent.CountDownLatch;
 43 | import java.util.concurrent.TimeUnit;
 44 | import java.util.concurrent.atomic.AtomicReference;
 45 | 
 46 | 
 47 | /**
 48 |  * Test cases for ValidatorHandler
 49 |  *
 50 |  * @author Steve Hu
 51 |  */
 52 | public class ValidatorHandlerTest {
 53 |     private static final Logger logger = LoggerFactory.getLogger(ValidatorHandlerTest.class);
 54 | 
 55 |     private static Undertow server = null;
 56 | 
 57 |     @BeforeClass
 58 |     public static void setUp() {
 59 |         if(server == null) {
 60 |             logger.info("starting server");
 61 |             HttpHandler handler = getTestHandler();
 62 |             ValidatorHandler validatorHandler = new ValidatorHandler();
 63 |             validatorHandler.setNext(handler);
 64 |             server = Undertow.builder()
 65 |                     .addHttpListener(7080, "localhost")
 66 |                     .setHandler(validatorHandler)
 67 |                     .build();
 68 |             server.start();
 69 |         }
 70 |     }
 71 | 
 72 |     @AfterClass
 73 |     public static void tearDown() {
 74 |         if(server != null) {
 75 |             try {
 76 |                 Thread.sleep(100);
 77 |             } catch (InterruptedException ignored) {
 78 | 
 79 |             }
 80 |             server.stop();
 81 |             logger.info("The server is stopped.");
 82 |         }
 83 |     }
 84 | 
 85 |     private static RoutingHandler getTestHandler() {
 86 |         return Handlers.routing()
 87 |                 .add(Methods.GET, "/graphql", exchange -> exchange.getResponseSender().send("get"))
 88 |                 .add(Methods.POST, "/graphql", exchange -> exchange.getResponseSender().send("post"));
 89 |     }
 90 | 
 91 |     @Test
 92 |     public void testInvalidGetPath() throws Exception {
 93 |         final Http2Client client = Http2Client.getInstance();
 94 |         final CountDownLatch latch = new CountDownLatch(1);
 95 |         final ClientConnection connection;
 96 |         try {
 97 |             connection = client.connect(new URI("http://localhost:7080"), Http2Client.WORKER, Http2Client.SSL, Http2Client.BUFFER_POOL, OptionMap.EMPTY).get();
 98 |         } catch (Exception e) {
 99 |             throw new ClientException(e);
100 |         }
101 |         final AtomicReference<ClientResponse> reference = new AtomicReference<>();
102 |         try {
103 |             ClientRequest request = new ClientRequest().setPath("/v1/graphql").setMethod(Methods.GET);
104 |             request.getRequestHeaders().put(Headers.HOST, "localhost");
105 |             connection.sendRequest(request, client.createClientCallback(reference, latch));
106 |             latch.await();
107 |         } catch (Exception e) {
108 |             logger.error("Exception: ", e);
109 |             throw new ClientException(e);
110 |         } finally {
111 |             IoUtils.safeClose(connection);
112 |         }
113 |         int statusCode = reference.get().getResponseCode();
114 |         String body = reference.get().getAttachment(Http2Client.RESPONSE_BODY);
115 |         Assert.assertEquals(400, statusCode);
116 |         if(statusCode == 400) {
117 |             Status status = Config.getInstance().getMapper().readValue(body, Status.class);
118 |             Assert.assertEquals("ERR11500", status.getCode());
119 |         }
120 |     }
121 | 
122 |     @Test
123 |     public void testInvalidPostPath() throws Exception {
124 |         final AtomicReference<ClientResponse> reference = new AtomicReference<>();
125 |         final Http2Client client = Http2Client.getInstance();
126 |         final CountDownLatch latch = new CountDownLatch(1);
127 |         final ClientConnection connection;
128 |         try {
129 |             connection = client.connect(new URI("http://localhost:7080"), Http2Client.WORKER, Http2Client.SSL, Http2Client.BUFFER_POOL, OptionMap.EMPTY).get();
130 |         } catch (Exception e) {
131 |             throw new ClientException(e);
132 |         }
133 | 
134 |         try {
135 |             String post = "Hello";
136 |             connection.getIoThread().execute(() -> {
137 |                 final ClientRequest request = new ClientRequest().setMethod(Methods.POST).setPath("/v2/pet");
138 |                 request.getRequestHeaders().put(Headers.HOST, "localhost");
139 |                 request.getRequestHeaders().put(Headers.CONTENT_TYPE, "application/json");
140 |                 request.getRequestHeaders().put(Headers.TRANSFER_ENCODING, "chunked");
141 |                 connection.sendRequest(request, client.createClientCallback(reference, latch, post));
142 |             });
143 | 
144 |             latch.await(10, TimeUnit.SECONDS);
145 |         } catch (Exception e) {
146 |             logger.error("IOException: ", e);
147 |             throw new ClientException(e);
148 |         } finally {
149 |             IoUtils.safeClose(connection);
150 |         }
151 |         int statusCode = reference.get().getResponseCode();
152 |         String body = reference.get().getAttachment(Http2Client.RESPONSE_BODY);
153 |         Assert.assertEquals(400, statusCode);
154 |         if(statusCode == 400) {
155 |             Status status = Config.getInstance().getMapper().readValue(body, Status.class);
156 |             Assert.assertEquals("ERR11500", status.getCode());
157 |         }
158 |     }
159 | 
160 |     @Test
161 |     public void testInvalidMethod() throws Exception {
162 |         final Http2Client client = Http2Client.getInstance();
163 |         final CountDownLatch latch = new CountDownLatch(1);
164 |         final ClientConnection connection;
165 |         try {
166 |             connection = client.connect(new URI("http://localhost:7080"), Http2Client.WORKER, Http2Client.SSL, Http2Client.BUFFER_POOL, OptionMap.EMPTY).get();
167 |         } catch (Exception e) {
168 |             throw new ClientException(e);
169 |         }
170 |         final AtomicReference<ClientResponse> reference = new AtomicReference<>();
171 |         try {
172 |             ClientRequest request = new ClientRequest().setPath("/graphql").setMethod(Methods.DELETE);
173 |             request.getRequestHeaders().put(Headers.HOST, "localhost");
174 |             connection.sendRequest(request, client.createClientCallback(reference, latch));
175 |             latch.await();
176 |         } catch (Exception e) {
177 |             logger.error("Exception: ", e);
178 |             throw new ClientException(e);
179 |         } finally {
180 |             IoUtils.safeClose(connection);
181 |         }
182 |         int statusCode = reference.get().getResponseCode();
183 |         String body = reference.get().getAttachment(Http2Client.RESPONSE_BODY);
184 |         Assert.assertEquals(405, statusCode);
185 |         if(statusCode == 405) {
186 |             Status status = Config.getInstance().getMapper().readValue(body, Status.class);
187 |             Assert.assertEquals("ERR11501", status.getCode());
188 |         }
189 |     }
190 | 
191 | 
192 |     @Test
193 |     public void testvalidPostPath() throws Exception {
194 |         final AtomicReference<ClientResponse> reference = new AtomicReference<>();
195 |         final Http2Client client = Http2Client.getInstance();
196 |         final CountDownLatch latch = new CountDownLatch(1);
197 |         final ClientConnection connection;
198 |         try {
199 |             connection = client.connect(new URI("http://localhost:7080"), Http2Client.WORKER, Http2Client.SSL, Http2Client.BUFFER_POOL, OptionMap.EMPTY).get();
200 |         } catch (Exception e) {
201 |             throw new ClientException(e);
202 |         }
203 | 
204 |         try {
205 |             String post = "{\"query\":\"{ hello }\",\"variables\":null,\"operationName\":null}";
206 |             connection.getIoThread().execute(() -> {
207 |                 final ClientRequest request = new ClientRequest().setMethod(Methods.POST).setPath("/graphql");
208 |                 request.getRequestHeaders().put(Headers.HOST, "localhost");
209 |                 request.getRequestHeaders().put(Headers.CONTENT_TYPE, "application/json");
210 |                 request.getRequestHeaders().put(Headers.TRANSFER_ENCODING, "chunked");
211 |                 connection.sendRequest(request, client.createClientCallback(reference, latch, post));
212 |             });
213 | 
214 |             latch.await(10, TimeUnit.SECONDS);
215 |         } catch (Exception e) {
216 |             logger.error("IOException: ", e);
217 |             throw new ClientException(e);
218 |         } finally {
219 |             IoUtils.safeClose(connection);
220 |         }
221 |         int statusCode = reference.get().getResponseCode();
222 |         String body = reference.get().getAttachment(Http2Client.RESPONSE_BODY);
223 |         Assert.assertEquals(200, statusCode);
224 |         if(statusCode == 200) {
225 |             Assert.assertNotNull(body);
226 |         }
227 | 
228 |     }
229 | 
230 | }
231 | 


--------------------------------------------------------------------------------
/graphql-validator/src/test/resources/config/graphql-validator.yml:
--------------------------------------------------------------------------------
1 | # This is specific GraphQL validator configuration file. It is introduced to support multiple
2 | # frameworks in the same server instance and it is recommended. If this file cannot be found,
3 | # the generic validator.yml will be loaded as a fallback.
4 | ---
5 | # Enable request validation against the specification
6 | enabled: true
7 | # Log error message if validation error occurs
8 | logError: true
9 | 


--------------------------------------------------------------------------------
/graphql-validator/src/test/resources/logback-test.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <!--
 3 |   ~ Copyright (c) 2016 Network New Technologies Inc.
 4 |   ~
 5 |   ~ Licensed under the Apache License, Version 2.0 (the "License");
 6 |   ~ You may not use this file except in compliance with the License.
 7 |   ~ You may obtain a copy of the License at
 8 |   ~
 9 |   ~      http://www.apache.org/licenses/LICENSE-2.0
10 |   ~
11 |   ~ Unless required by applicable law or agreed to in writing, software
12 |   ~ distributed under the License is distributed on an "AS IS" BASIS,
13 |   ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 |   ~ See the License for the specific language governing permissions and
15 |   ~ limitations under the License.
16 |   -->
17 | 
18 | <configuration>
19 |     TODO create logger for audit only.
20 |     http://stackoverflow.com/questions/2488558/logback-to-log-different-messages-to-two-files
21 |     <turboFilter class="ch.qos.logback.classic.turbo.MarkerFilter">
22 |         <Marker>PROFILER</Marker>
23 |         <!--<OnMatch>DENY</OnMatch>-->
24 |         <OnMatch>NEUTRAL</OnMatch>
25 |     </turboFilter>
26 | 
27 |     <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
28 |     <!-- encoders are assigned the type
29 |          ch.qos.logback.classic.encoder.PatternLayoutEncoder by default -->
30 |         <encoder>
31 |             <pattern>%d{HH:mm:ss.SSS} [%thread] %-5marker %-5level %logger{36} - %msg%n</pattern>
32 |         </encoder>
33 |     </appender>
34 | 
35 |     <appender name="log" class="ch.qos.logback.core.FileAppender">
36 |         <File>target/test.log</File>
37 |         <Append>false</Append>
38 |         <layout class="ch.qos.logback.classic.PatternLayout">
39 |             <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %class{36}:%L %M - %msg%n</Pattern>
40 |         </layout>
41 |     </appender>
42 | 
43 |     <!--audit log-->
44 |     <appender name="audit" class="ch.qos.logback.core.rolling.RollingFileAppender">
45 |         <file>target/audit.log</file> <!-- logfile location -->
46 |         <encoder>
47 |             <pattern>%-5level [%thread] %date{ISO8601} %F:%L - %msg%n</pattern> <!-- the layout pattern used to format log entries -->
48 |             <immediateFlush>true</immediateFlush>
49 |         </encoder>
50 |         <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
51 |             <fileNamePattern>target/audit.log.%i.zip</fileNamePattern>
52 |             <minIndex>1</minIndex>
53 |             <maxIndex>5</maxIndex> <!-- max number of archived logs that are kept -->
54 |         </rollingPolicy>
55 |         <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
56 |             <maxFileSize>200MB</maxFileSize> <!-- The size of the logfile that triggers a switch to a new logfile, and the current one archived -->
57 |         </triggeringPolicy>
58 |     </appender>
59 | 
60 |     <root level="trace">
61 |         <appender-ref ref="stdout" />
62 |     </root>
63 | 
64 |     <logger name="com.networknt" level="trace">
65 |         <appender-ref ref="log"/>
66 |     </logger>
67 | 
68 |     <logger name="Audit" level="trace" additivity="false">
69 |         <appender-ref ref="audit"/>
70 |     </logger>
71 | 
72 | </configuration>
73 | 


--------------------------------------------------------------------------------
/pom.xml:
--------------------------------------------------------------------------------
  1 | <!--
  2 |   ~ Copyright (c) 2016 Network New Technologies Inc.
  3 |   ~
  4 |   ~ Licensed under the Apache License, Version 2.0 (the "License");
  5 |   ~ You may not use this file except in compliance with the License.
  6 |   ~ You may obtain a copy of the License at
  7 |   ~
  8 |   ~      http://www.apache.org/licenses/LICENSE-2.0
  9 |   ~
 10 |   ~ Unless required by applicable law or agreed to in writing, software
 11 |   ~ distributed under the License is distributed on an "AS IS" BASIS,
 12 |   ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13 |   ~ See the License for the specific language governing permissions and
 14 |   ~ limitations under the License.
 15 |   -->
 16 | 
 17 | <project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
 18 |          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 19 |     <modelVersion>4.0.0</modelVersion>
 20 |     <groupId>com.networknt</groupId>
 21 |     <artifactId>light-graphql-4j</artifactId>
 22 |     <version>2.2.3-SNAPSHOT</version>
 23 |     <packaging>pom</packaging>
 24 |     <name>Parent POM</name>
 25 |     <description>Light 4J Framework GraphQL Components</description>
 26 |     <url>https://github.com/networknt/light-graphql-4j</url>
 27 | 
 28 |     <developers>
 29 |         <developer>
 30 |             <id>stevehu</id>
 31 |             <name>Steve Hu</name>
 32 |             <email>stevehu@gmail.com</email>
 33 |         </developer>
 34 |     </developers>
 35 | 
 36 |     <issueManagement>
 37 |         <system>github</system>
 38 |         <url>https://github.com/networknt/light-graphql-4j/issues</url>
 39 |     </issueManagement>
 40 | 
 41 |     <licenses>
 42 |         <license>
 43 |             <name>Apache License Version 2.0</name>
 44 |             <url>http://repository.jboss.org/licenses/apache-2.0.txt</url>
 45 |             <distribution>repo</distribution>
 46 |         </license>
 47 |     </licenses>
 48 | 
 49 |     <scm>
 50 |         <connection>scm:git://github.com:networknt/light-graphql-4j.git</connection>
 51 |         <developerConnection>scm:git://github.com:networknt/light-graphql-4j.git</developerConnection>
 52 |         <url>https://github.com:networknt/light-graphql-4j.git</url>
 53 |     </scm>
 54 | 
 55 |     <distributionManagement>
 56 |         <repository>
 57 |             <id>central</id>
 58 |             <url>https://central.sonatype.com/service/local/staging/deploy/maven2/</url>
 59 |         </repository>
 60 |         <snapshotRepository>
 61 |             <id>central</id>
 62 |             <url>https://central.sonatype.com/repository/maven-snapshots/</url>
 63 |         </snapshotRepository>
 64 |     </distributionManagement>
 65 | 
 66 |     <repositories>
 67 |         <repository>
 68 |             <id>snapshot</id>
 69 |             <url>https://central.sonatype.com/repository/maven-snapshots/</url>
 70 |             <releases>
 71 |                 <enabled>false</enabled>
 72 |             </releases>
 73 |             <snapshots>
 74 |                 <enabled>true</enabled>
 75 |             </snapshots>
 76 |         </repository>
 77 |         <repository>
 78 |             <id>central</id>
 79 |             <url>https://repo1.maven.org/maven2</url>
 80 |             <releases>
 81 |                 <enabled>true</enabled>
 82 |             </releases>
 83 |         </repository>
 84 |     </repositories>
 85 |     <pluginRepositories>
 86 |         <pluginRepository>
 87 |             <id>central</id>
 88 |             <url>https://repo1.maven.org/maven2</url>
 89 |             <releases>
 90 |                 <enabled>true</enabled>
 91 |             </releases>
 92 |         </pluginRepository>
 93 |     </pluginRepositories>
 94 | 
 95 |     <properties>
 96 |         <java.version>21</java.version>
 97 |         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 98 |         <version.light-4j>2.2.3-SNAPSHOT</version.light-4j>
 99 |         <version.jackson>2.18.3</version.jackson>
100 |         <version.slf4j>2.0.17</version.slf4j>
101 |         <version.jose4j>0.9.6</version.jose4j>
102 |         <version.commons-text>1.3</version.commons-text>
103 |         <version.logback>1.5.18</version.logback>
104 |         <version.junit>4.13.2</version.junit>
105 |         <version.mockito>2.10.0</version.mockito>
106 |         <version.undertow>2.3.18.Final</version.undertow>
107 |         <version.assertj>3.8.0</version.assertj>
108 |         <version.graphql>22.2</version.graphql>
109 |         <versions.maven-version>2.4</versions.maven-version>
110 |         <version.javadoc-packagelist-plugin>1.0.0</version.javadoc-packagelist-plugin>
111 |         <version.maven-javadoc>3.4.1</version.maven-javadoc>
112 |         <version.nexus-staging-maven>1.7.0</version.nexus-staging-maven>
113 |         <version.maven-gpg>3.2.7</version.maven-gpg>
114 |     </properties>
115 | 
116 |     <modules>
117 |         <module>graphql-common</module>
118 |         <module>graphql-validator</module>
119 |         <module>graphql-security</module>
120 |         <module>graphql-router</module>
121 |     </modules>
122 | 
123 |     <dependencyManagement>
124 |         <dependencies>
125 |             <!-- Modules in this project -->
126 |             <dependency>
127 |                 <groupId>com.networknt</groupId>
128 |                 <artifactId>graphql-common</artifactId>
129 |                 <version>${project.version}</version>
130 |             </dependency>
131 |             <dependency>
132 |                 <groupId>com.networknt</groupId>
133 |                 <artifactId>graphql-security</artifactId>
134 |                 <version>${project.version}</version>
135 |             </dependency>
136 |             <dependency>
137 |                 <groupId>com.networknt</groupId>
138 |                 <artifactId>graphql-router</artifactId>
139 |                 <version>${project.version}</version>
140 |             </dependency>
141 |             <dependency>
142 |                 <groupId>com.networknt</groupId>
143 |                 <artifactId>graphql-validator</artifactId>
144 |                 <version>${project.version}</version>
145 |             </dependency>
146 | 
147 |             <dependency>
148 |                 <groupId>com.networknt</groupId>
149 |                 <artifactId>config</artifactId>
150 |                 <version>${version.light-4j}</version>
151 |             </dependency>
152 |             <dependency>
153 |                 <groupId>com.networknt</groupId>
154 |                 <artifactId>utility</artifactId>
155 |                 <version>${version.light-4j}</version>
156 |             </dependency>
157 |             <dependency>
158 |                 <groupId>com.networknt</groupId>
159 |                 <artifactId>http-string</artifactId>
160 |                 <version>${version.light-4j}</version>
161 |             </dependency>
162 |             <dependency>
163 |                 <groupId>com.networknt</groupId>
164 |                 <artifactId>security</artifactId>
165 |                 <version>${version.light-4j}</version>
166 |             </dependency>
167 |             <dependency>
168 |                 <groupId>com.networknt</groupId>
169 |                 <artifactId>client</artifactId>
170 |                 <version>${version.light-4j}</version>
171 |             </dependency>
172 |             <dependency>
173 |                 <groupId>com.networknt</groupId>
174 |                 <artifactId>audit</artifactId>
175 |                 <version>${version.light-4j}</version>
176 |             </dependency>
177 |             <dependency>
178 |                 <groupId>com.networknt</groupId>
179 |                 <artifactId>dump</artifactId>
180 |                 <version>${version.light-4j}</version>
181 |             </dependency>
182 |             <dependency>
183 |                 <groupId>com.networknt</groupId>
184 |                 <artifactId>info</artifactId>
185 |                 <version>${version.light-4j}</version>
186 |             </dependency>
187 |             <dependency>
188 |                 <groupId>com.networknt</groupId>
189 |                 <artifactId>health</artifactId>
190 |                 <version>${version.light-4j}</version>
191 |             </dependency>
192 |             <dependency>
193 |                 <groupId>com.networknt</groupId>
194 |                 <artifactId>status</artifactId>
195 |                 <version>${version.light-4j}</version>
196 |             </dependency>
197 |             <dependency>
198 |                 <groupId>com.networknt</groupId>
199 |                 <artifactId>exception</artifactId>
200 |                 <version>${version.light-4j}</version>
201 |             </dependency>
202 |             <dependency>
203 |                 <groupId>com.networknt</groupId>
204 |                 <artifactId>body</artifactId>
205 |                 <version>${version.light-4j}</version>
206 |             </dependency>
207 |             <dependency>
208 |                 <groupId>com.networknt</groupId>
209 |                 <artifactId>mask</artifactId>
210 |                 <version>${version.light-4j}</version>
211 |             </dependency>
212 |             <dependency>
213 |                 <groupId>com.networknt</groupId>
214 |                 <artifactId>handler</artifactId>
215 |                 <version>${version.light-4j}</version>
216 |             </dependency>
217 |             <dependency>
218 |                 <groupId>com.networknt</groupId>
219 |                 <artifactId>metrics</artifactId>
220 |                 <version>${version.light-4j}</version>
221 |             </dependency>
222 |             <dependency>
223 |                 <groupId>com.networknt</groupId>
224 |                 <artifactId>sanitizer</artifactId>
225 |                 <version>${version.light-4j}</version>
226 |             </dependency>
227 |             <dependency>
228 |                 <groupId>com.networknt</groupId>
229 |                 <artifactId>traceability</artifactId>
230 |                 <version>${version.light-4j}</version>
231 |             </dependency>
232 |             <dependency>
233 |                 <groupId>com.networknt</groupId>
234 |                 <artifactId>correlation</artifactId>
235 |                 <version>${version.light-4j}</version>
236 |             </dependency>
237 |             <dependency>
238 |                 <groupId>com.networknt</groupId>
239 |                 <artifactId>service</artifactId>
240 |                 <version>${version.light-4j}</version>
241 |             </dependency>
242 |             <dependency>
243 |                 <groupId>com.networknt</groupId>
244 |                 <artifactId>switcher</artifactId>
245 |                 <version>${version.light-4j}</version>
246 |             </dependency>
247 |             <dependency>
248 |                 <groupId>com.networknt</groupId>
249 |                 <artifactId>registry</artifactId>
250 |                 <version>${version.light-4j}</version>
251 |             </dependency>
252 |             <dependency>
253 |                 <groupId>com.networknt</groupId>
254 |                 <artifactId>balance</artifactId>
255 |                 <version>${version.light-4j}</version>
256 |             </dependency>
257 |             <dependency>
258 |                 <groupId>com.networknt</groupId>
259 |                 <artifactId>consul</artifactId>
260 |                 <version>${version.light-4j}</version>
261 |             </dependency>
262 |             <dependency>
263 |                 <groupId>com.networknt</groupId>
264 |                 <artifactId>zookeeper</artifactId>
265 |                 <version>${version.light-4j}</version>
266 |             </dependency>
267 |             <dependency>
268 |                 <groupId>com.networknt</groupId>
269 |                 <artifactId>cors</artifactId>
270 |                 <version>${version.light-4j}</version>
271 |             </dependency>
272 |             <dependency>
273 |                 <groupId>com.networknt</groupId>
274 |                 <artifactId>server</artifactId>
275 |                 <version>${version.light-4j}</version>
276 |             </dependency>
277 |             <!-- External dependencies -->
278 | 
279 |             <dependency>
280 |                 <groupId>com.fasterxml.jackson.core</groupId>
281 |                 <artifactId>jackson-databind</artifactId>
282 |                 <version>${version.jackson}</version>
283 |             </dependency>
284 |             <dependency>
285 |                 <groupId>org.slf4j</groupId>
286 |                 <artifactId>slf4j-api</artifactId>
287 |                 <version>${version.slf4j}</version>
288 |             </dependency>
289 |             <dependency>
290 |                 <groupId>org.bitbucket.b_c</groupId>
291 |                 <artifactId>jose4j</artifactId>
292 |                 <version>${version.jose4j}</version>
293 |             </dependency>
294 |             <dependency>
295 |                 <groupId>io.undertow</groupId>
296 |                 <artifactId>undertow-core</artifactId>
297 |                 <version>${version.undertow}</version>
298 |             </dependency>
299 |             <dependency>
300 |                 <groupId>com.graphql-java</groupId>
301 |                 <artifactId>graphql-java</artifactId>
302 |                 <version>${version.graphql}</version>
303 |             </dependency>
304 | 
305 |             <!-- Test dependencies -->
306 |             <dependency>
307 |                 <groupId>ch.qos.logback</groupId>
308 |                 <artifactId>logback-classic</artifactId>
309 |                 <version>${version.logback}</version>
310 |                 <scope>test</scope>
311 |             </dependency>
312 |             <dependency>
313 |                 <groupId>junit</groupId>
314 |                 <artifactId>junit</artifactId>
315 |                 <version>${version.junit}</version>
316 |                 <scope>test</scope>
317 |             </dependency>
318 |             <dependency>
319 |                 <groupId>org.mockito</groupId>
320 |                 <artifactId>mockito-core</artifactId>
321 |                 <version>${version.mockito}</version>
322 |                 <scope>test</scope>
323 |             </dependency>
324 |             <dependency>
325 |                 <groupId>org.assertj</groupId>
326 |                 <artifactId>assertj-core</artifactId>
327 |                 <version>${version.assertj}</version>
328 |                 <scope>test</scope>
329 |             </dependency>
330 |             <dependency>
331 |                 <groupId>org.apache.commons</groupId>
332 |                 <artifactId>commons-text</artifactId>
333 |                 <version>${version.commons-text}</version>
334 |                 <scope>test</scope>
335 |             </dependency>
336 |         </dependencies>
337 |     </dependencyManagement>
338 | 
339 |     <build>
340 |         <sourceDirectory>${basedir}/src/main/java</sourceDirectory>
341 |         <testSourceDirectory>${basedir}/src/test/java</testSourceDirectory>
342 |         <resources>
343 |             <resource>
344 |                 <filtering>false</filtering>
345 |                 <directory>${basedir}/src/main/resources</directory>
346 |                 <includes>
347 |                     <include>**/*</include>
348 |                 </includes>
349 |             </resource>
350 |         </resources>
351 |         <testResources>
352 |             <testResource>
353 |                 <filtering>false</filtering>
354 |                 <directory>${basedir}/src/test/resources</directory>
355 |                 <includes>
356 |                     <include>**/*</include>
357 |                 </includes>
358 |             </testResource>
359 |         </testResources>
360 | 
361 |         <plugins>
362 |             <plugin>
363 |                 <groupId>com.networknt</groupId>
364 |                 <artifactId>javadoc-packagelist-maven-plugin</artifactId>
365 |                 <version>${version.javadoc-packagelist-plugin}</version>
366 |                 <executions>
367 |                     <execution>
368 |                         <phase>package</phase>
369 |                         <goals>
370 |                             <goal>gen-package-list</goal>
371 |                         </goals>
372 |                     </execution>
373 |                 </executions>
374 |             </plugin>
375 | 
376 |             <plugin>
377 |                 <groupId>org.apache.maven.plugins</groupId>
378 |                 <artifactId>maven-source-plugin</artifactId>
379 |                 <version>3.0.1</version>
380 |                 <executions>
381 |                     <execution>
382 |                         <id>attach-sources</id>
383 |                         <goals>
384 |                             <goal>jar</goal>
385 |                         </goals>
386 |                     </execution>
387 |                 </executions>
388 |             </plugin>
389 |             <plugin>
390 |                 <groupId>org.apache.maven.plugins</groupId>
391 |                 <artifactId>maven-javadoc-plugin</artifactId>
392 |                 <version>${version.maven-javadoc}</version>
393 |                 <executions>
394 |                     <execution>
395 |                         <id>attach-javadocs</id>
396 |                         <goals>
397 |                             <goal>jar</goal>
398 |                         </goals>
399 |                     </execution>
400 |                 </executions>
401 |             </plugin>
402 |             <plugin>
403 |                 <groupId>org.apache.maven.plugins</groupId>
404 |                 <artifactId>maven-surefire-plugin</artifactId>
405 |                 <version>2.19.1</version>
406 |                 <dependencies>
407 |                     <dependency>
408 |                         <groupId>org.apache.maven.surefire</groupId>
409 |                         <artifactId>surefire-junit47</artifactId>
410 |                         <version>2.19.1</version>
411 |                     </dependency>
412 |                 </dependencies>
413 |             </plugin>
414 |             <!-- JACOCO added for code coverage -->
415 |             <plugin>
416 |                 <groupId>org.jacoco</groupId>
417 |                 <artifactId>jacoco-maven-plugin</artifactId>
418 |                 <version>0.7.9</version>
419 |                 <executions>
420 |                     <execution>
421 |                         <id>pre-unit-test</id>
422 |                         <goals>
423 |                             <goal>prepare-agent</goal>
424 |                         </goals>
425 |                         <configuration>
426 |                             <propertyName>surefireArgLine</propertyName>
427 |                         </configuration>
428 |                     </execution>
429 |                     <execution>
430 |                         <id>post-unit-test</id>
431 |                         <phase>test</phase>
432 |                         <goals>
433 |                             <goal>report</goal>
434 |                         </goals>
435 |                     </execution>
436 |                 </executions>
437 |             </plugin>
438 |             <!-- end JACOCO -->
439 |             <plugin>
440 |                 <groupId>org.apache.maven.plugins</groupId>
441 |                 <artifactId>maven-compiler-plugin</artifactId>
442 |                 <version>3.8.0</version>
443 |                 <configuration>
444 |                     <release>10</release>
445 |                 </configuration>
446 |             </plugin>
447 |         </plugins>
448 |         <pluginManagement>
449 |         	<plugins>
450 |         		<!--This plugin's configuration is used to store Eclipse m2e settings only. It has no influence on the Maven build itself.-->
451 |         		<plugin>
452 |         			<groupId>org.eclipse.m2e</groupId>
453 |         			<artifactId>lifecycle-mapping</artifactId>
454 |         			<version>1.0.0</version>
455 |         			<configuration>
456 |         				<lifecycleMappingMetadata>
457 |         					<pluginExecutions>
458 |         						<pluginExecution>
459 |         							<pluginExecutionFilter>
460 |         								<groupId>
461 |         									org.apache.maven.plugins
462 |         								</groupId>
463 |         								<artifactId>
464 |         									maven-compiler-plugin
465 |         								</artifactId>
466 |         								<versionRange>
467 |         									[3.3,)
468 |         								</versionRange>
469 |         								<goals>
470 |         									<goal>compile</goal>
471 |         									<goal>testCompile</goal>
472 |         								</goals>
473 |         							</pluginExecutionFilter>
474 |         							<action>
475 |         								<ignore></ignore>
476 |         							</action>
477 |         						</pluginExecution>
478 |         						<pluginExecution>
479 |         							<pluginExecutionFilter>
480 |         								<groupId>org.jacoco</groupId>
481 |         								<artifactId>
482 |         									jacoco-maven-plugin
483 |         								</artifactId>
484 |         								<versionRange>
485 |         									[0.7.4.201502262128,)
486 |         								</versionRange>
487 |         								<goals>
488 |         									<goal>prepare-agent</goal>
489 |         								</goals>
490 |         							</pluginExecutionFilter>
491 |         							<action>
492 |         								<ignore></ignore>
493 |         							</action>
494 |         						</pluginExecution>
495 |         					</pluginExecutions>
496 |         				</lifecycleMappingMetadata>
497 |         			</configuration>
498 |         		</plugin>
499 |         	</plugins>
500 |         </pluginManagement>
501 |     </build>
502 | 
503 |     <reporting>
504 |         <plugins>
505 |             <plugin>
506 |                 <groupId>org.apache.maven.plugins</groupId>
507 |                 <artifactId>maven-surefire-report-plugin</artifactId>
508 |                 <version>2.20.1</version>
509 |             </plugin>
510 |         </plugins>
511 |     </reporting>
512 | 
513 |     <profiles>
514 |         <profile>
515 |             <id>release-sign-artifacts</id>
516 |             <activation>
517 |                 <property>
518 |                     <name>performRelease</name>
519 |                     <value>true</value>
520 |                 </property>
521 |             </activation>
522 |             <build>
523 |                 <plugins>
524 |                     <plugin>
525 |                         <groupId>org.apache.maven.plugins</groupId>
526 |                         <artifactId>maven-gpg-plugin</artifactId>
527 |                         <version>${version.maven-gpg}</version>
528 |                         <executions>
529 |                             <execution>
530 |                                 <id>sign-artifacts</id>
531 |                                 <phase>verify</phase>
532 |                                 <goals>
533 |                                     <goal>sign</goal>
534 |                                 </goals>
535 |                             </execution>
536 |                         </executions>
537 |                     </plugin>
538 |                     <plugin>
539 |                         <groupId>org.sonatype.central</groupId>
540 |                         <artifactId>central-publishing-maven-plugin</artifactId>
541 |                         <version>0.7.0</version>
542 |                         <extensions>true</extensions>
543 |                         <configuration>
544 |                             <publishingServerId>central</publishingServerId>
545 |                             <autoPublish>true</autoPublish>
546 |                         </configuration>
547 |                     </plugin>
548 |                 </plugins>
549 |             </build>
550 |         </profile>
551 |     </profiles>
552 | </project>
553 | 


--------------------------------------------------------------------------------