Upgrade to Pro — share decks privately, control downloads, hide ads and more …

GraphQL & Java: The less obvious

Avatar for Bojan Tomić Bojan Tomić
May 17, 2017
Technology
0
150

GraphQL & Java: The less obvious

A presentation on the less obvious aspects of introducing GraphQL into a Java-based stack, and an approach to dynamic schema generation. Originally presented at Codemotion Amsterdam 2017.
Avatar for Bojan Tomić

Bojan Tomić

May 17, 2017
Tweet

More Decks by Bojan Tomić

See All by Bojan Tomić
GraphQL & Java - Keep it dynamic [JUG Utrecht]
Avatar for Bojan Tomić kaqqao
1
350
GraphQL 101: What it is and why you do want it
Avatar for Bojan Tomić kaqqao
0
100

Other Decks in Technology

See All in Technology
白金鉱業Meetup_Vol.19_PoCはデモで語れ!顧客の本音とインサイトを引き出すソリューション構築​
Avatar for BrainPad brainpadpr
2
470
データプラットフォーム技術におけるメダリオンアーキテクチャという考え方/DataPlatformWithMedallionArchitecture
Avatar for Masatoshi Shimada smdmts
5
550
ローカルLLMでファインチューニング
Avatar for 西岡 賢一郎 (Kenichiro Nishioka) knishioka
0
120
強化されたAmazon Location Serviceによる新機能と開発者体験
Avatar for Yasunori Kirimoto dayjournal
2
150
kubellが挑むBPaaSにおける、人とAIエージェントによるサービス開発の最前線と技術展望
Avatar for kubell kubell_hr
1
390
本当に使える?AutoUpgrade の新機能を実践検証してみた
Avatar for oracle4engineer oracle4engineer
PRO
1
120
Workflows から Agents へ ~ 生成 AI アプリの成長過程とアプローチ~
Avatar for Belong inc. belongadmin
3
170
Observability в PHP без боли. Олег Мифле, тимлид Altenar
Avatar for Lamoda Tech lamodatech
0
270
変化する開発、進化する体系時代に適応するソフトウェアエンジニアの知識と考え方(JaSST'25 Kansai)
Avatar for みずのり mizunori
0
120
OTFSG勉強会 / Introduction to the History of Delta Lake + Iceberg
Avatar for Databricks Japan databricksjapan
0
120
Prox Industries株式会社 会社紹介資料
Avatar for Prox proxindustries
0
180
生成AIでwebアプリケーションを作ってみた
Avatar for tajimon tajimon
2
120

Featured

See All Featured
Making the Leap to Tech Lead
Avatar for Ryan Cromwell cromwellryan
134
9.3k
Balancing Empowerment & Direction
Avatar for Lara Hogan lara
1
340
Git: the NoSQL Database
Avatar for Brandon Keepers bkeepers
PRO
430
65k
Optimizing for Happiness
Avatar for Tom Preston-Werner mojombo
379
70k
Thoughts on Productivity
Avatar for Jon Yablonski jonyablonski
69
4.7k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
Avatar for Vitaly Friedman smashingmag
252
21k
Designing for Performance
Avatar for Lara Hogan lara
609
69k
Bash Introduction
Avatar for André Augusto Costa Santos 62gerente
614
210k
Easily Structure & Communicate Ideas using Wireframe
Avatar for Afnizar Nur Ghifari afnizarnur
194
16k
Product Roadmaps are Hard
Avatar for C. Todd Lombardo iamctodd
PRO
53
11k
The Illustrated Children's Guide to Kubernetes
Avatar for Chris Short chrisshort
48
50k
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
367
19k

Transcript

  1. Java  &  GraphQL:  The  less  obvious Bojan Tomić AMSTERDAM 16

    - 17 MAY 2017

  2. What? • Server-­side  runtime  for  executing  queries • Type  system

    • Storage  /  language  independent  (think  REST) • Open  source  spec  (tnx Facebook!) (think  WSDL/SOAP) • Unrelated  to  graph  DBs  and  their  query  languages (Cypher,  Gremlin  etc) • Data  description  +  query  language

  3. Why? Describe  data Predictable  results No  under/over-­fetch type Query {

    hero (episode: Int): Character } { hero (episode: 4) { name homeWorld { name type } } } { "data" : { "hero" : { "name" : "Luke Skywalker" "homeWorld" : { "name" : "Tatooine" "type" : "desert" } } } type Character { name: String friends: [Character] homeWorld: Planet } type Planet { name: String type: String }

  4. GraphQL  vs  REST Credit:   Jonas  Helfer

  5. graphql-­java  :  Defining  the  schema GraphQLObjectType person= newObject() .name("Person") .field(newFieldDefinition()

    .name("addresses") .type(new GraphQLList(address)) .dataFetcher(env -> dataBase.query(…))) .field(newFieldDefinition() .name("name") .type(Scalars.GraphQLString)) .build(); GraphQLObjectType address = newObject() .name("Address") .field(newFieldDefinition() .name("streetName") .type(Scalars.GraphQLString) .build()) .field(newFieldDefinition() .name("houseNumber") .type(Scalars.GraphQLInt) .build()) .build();

  6. graphql-­java  :  Defining  the  schema GraphQLObjectType queryType = newObject() .name("ROOT_QUERY")

    .field(newFieldDefinition() .name("peopleByName") .argument(newArgument() .name("name") .type(Scalars.GraphQLString)) .type(new GraphQLList(person)) .dataFetcher(env -> personService.findByName(...))) .build(); class Person { private String name; private List<Address> addresses; //getters & setters } class Address { ... } class PersonService { public List<Person> findByName(String name) { … } }

  7. The  problem  :  Duplication o Duplicates   type  definitions o

    Another  layer  to  maintain

  8. The  solution  :  Dynamic  schema  generation o Allow   following

      best  practices o Be  adaptable  /  customizable o Eliminate   type  duplication   (DRY)

  9. Introducing  GraphQL  SPQR

  10. GraphQL  SPQR public  class PersonService { public List<Person>  findByName(String  name)

     { return dataBase.queryByName(name);;   } ... } @GraphQLQuery(name  =  "peopleByName")

  11. GraphQL  SPQR  :  Setup public  class Person  { private String

     firstName;; private String  lastName;; @GraphQLQuery(name  =  "firstName") public String  getFirstName()  { return firstName;; } @GraphQLQuery(name  =  "lastName") public String  getLastName()  { return lastName;; } … } PersonService personService =  new PersonService();; GraphQLSchema schema  =  new GraphQLSchemaGenerator() .withOperationsFromSingleton(personService) .generate();; GraphQL graphQL =  new GraphQL(schema);; String  query  =  " { peopleByName(firstName:  "John")  { firstName lastName }}";; ExecutionResult result  =  graphQL.execute(query);;

  12. GraphQL SPQR  :  Queries public  class PersonService { @GraphQLQuery(name  =

     "twitterProfile") public TwitterProfile getTwitterProfile ( Person  person)  { return twitterApi.getProfile(person);; } @GraphQLQuery(name  =  "peopleByName") public List<Person>  findByName(  ...  )  { ... }         } { peopleByName (firstName :  "John")  { firstName lastName } } @GraphQLContext twitterProfile { handle numberOfTweets } { twitterProfile ( person:  { firstName :  "John" lastName :  "Doe" }) handle numberOfTweets } }

  13. Demo DEMO  TIME

  14. The  problem:  Malicious queries o Arbitrarily  complex  query o Arbitrary

     size  of  the  result o Analyze  AST  complexity o Limit  depth o Limit  execution  time o Whitelist queries

  15. The  problem:  N  +  1 { peopleByName (firstName :  "John")

     { firstName lastName twitterProfile { handle numberOfTweets } } } public  class PersonService { @GraphQLQuery(name  =  "twitterProfile") public TwitterProfile getTwitterProfile ( Person person)  { return twitterApi.getProfile(person);; } @Batched List< List< > >

  16. The  problem:  Optimize  fetching { peopleByName (name:  "John")  { firstName

    lastName } } @GraphQLQuery(name  =  "peopleByName") public List<Person>  getPeopleByName(String  name)  { SELECT  *  FROM  Users  WHERE  name  =  ‘John’;; return …;; } L

  17. The  problem:  Optimize  fetching { peopleByName (name:  "John")  { firstName

    lastName } } @GraphQLQuery(name  =  "peopleByName") public List<Person>  getPeopleByName(String  name, @GraphQLEnvironment List<String>  subFields)  { SELECT  firstName,  lastName FROM  Users   WHERE  name  =  ‘John’;; return …;; }

  18. The  problem:  Authorization o Inject  security  context  into  the  

    resolver @RequestMapping(value="/graphql") public Object  graphql(@RequestBody Map<String,  Object>  request)  { String  query =  request.get("query").toString();; User  user =  SecurityContextHolder.getContext().getAuthentication();; } public String  getProfile(...,  @GraphQLRootContext User  user)  { if (current.getId()  ==  ...)  { return ...   } } ExecutionResult executionResult =  graphQL.execute(query,  user);;

  19. The  problem:  Authorization @PreAuthorize("hasRole('ROLE_ADMIN')")         @GraphQLMutation(name  =

     "updateUser") public String  updateUser(...)  { ... } o AOP  style

  20. Further  topics o Schema  visibility o Schema  extension o Caching

    o …

  21. Closing Bojan Tomić leangen.io github.com/leangen @kaqqao

  22. Questions