
Is there a way to know if a Gremlin query is a read query or a write query?


I am trying to add basic read/write authorization in gremlin-server. I want to know if there is a way by which I can identify whether a query is a read-only query or a write query.


Solution

  • There is no API call you can make to determine that, but you can get inspiration for how to detect it from ReadOnlyStrategy here. The key is to cycle the Traversal object and look for a Step that implements the Mutating interface. If you find one of those in there, you could classify the traversal as a write query.

    Of course, for Gremlin, classifying a query as read or write isn't so binary as it could easily be a mix of read and write. It's also possible that at runtime the write might never execute depending on the flow of the traversal, so it could be "runtime readonly". Hopefully, detecting the Mutating interface is a good-enough solution for you.

    I'm not sure where you intend to implement this authorization function but I sense it would be best done as a TraversalStrategy that would then fire on traversal execution. I don't know if that's too late for your authorization process, but it would be the easiest way I can envision. The problem is that if you are accepting scripts then with that approach you could get a partial execution of that script up to the point where authorization was not allowed. If you needed to disallow an entire script based on one write traversal then you might need to look at a custom sandbox. Of course, it is better to avoid scripts altogether and simply use bytecode based requests only. If you are only concerned with bytecode then TraversalStrategy should work pretty well for the authorization use case.
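
The approach described in the answer, written out as an added example (not code from the original post or from TinkerPop itself): a verification strategy that classifies a traversal as a write when any step implements `Mutating` and rejects it if the caller may not write. The class name `WriteAuthorizationStrategy` and the `callerMayWrite` hook are assumptions for illustration; how the server resolves the authenticated user's permissions is left to the deployment.

```java
import org.apache.tinkerpop.gremlin.process.traversal.Traversal;
import org.apache.tinkerpop.gremlin.process.traversal.TraversalStrategy;
import org.apache.tinkerpop.gremlin.process.traversal.step.Mutating;
import org.apache.tinkerpop.gremlin.process.traversal.strategy.AbstractTraversalStrategy;
import org.apache.tinkerpop.gremlin.process.traversal.strategy.verification.VerificationException;
import org.apache.tinkerpop.gremlin.process.traversal.util.TraversalHelper;

import java.util.function.BooleanSupplier;

// Hypothetical strategy: denies traversals containing a Mutating step
// unless the supplied permission check allows writes.
public final class WriteAuthorizationStrategy
        extends AbstractTraversalStrategy<TraversalStrategy.VerificationStrategy>
        implements TraversalStrategy.VerificationStrategy {

    // Assumption: the caller wires this to its own authorization lookup.
    private final BooleanSupplier callerMayWrite;

    public WriteAuthorizationStrategy(final BooleanSupplier callerMayWrite) {
        this.callerMayWrite = callerMayWrite;
    }

    // Static classification only: true if any step, including steps inside
    // nested child traversals (e.g. within union() or coalesce()), implements
    // Mutating. A traversal flagged here may still perform no write at runtime.
    public static boolean isWrite(final Traversal.Admin<?, ?> traversal) {
        return TraversalHelper.hasStepOfAssignableClassRecursively(Mutating.class, traversal);
    }

    @Override
    public void apply(final Traversal.Admin<?, ?> traversal) {
        // Runs when strategies are applied, before any step executes, so a
        // denied traversal makes no changes. Earlier statements of a script
        // that already ran are not rolled back by this check.
        if (isWrite(traversal) && !callerMayWrite.getAsBoolean()) {
            throw new VerificationException(
                    "Write traversal denied: caller has read-only access", traversal);
        }
    }
}

// Usage (g is a GraphTraversalSource):
//   g.withStrategies(new WriteAuthorizationStrategy(() -> false))
//    .addV("person").iterate();   // throws VerificationException
//   g.withStrategies(new WriteAuthorizationStrategy(() -> false))
//    .V().count().next();         // allowed, no Mutating step
```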