/spring-boot-supabase

Modern Java web application starter template.

Primary LanguageHTMLMIT LicenseMIT

Easy, Powerful Full Stack Spring Boot

Build slick, fast Spring Boot full stack web applications easily as a solo developer.

This project is specifically designed to make it easy to build a modern web application with Spring Boot.

Here's a list of features:

  • Uses Supabase.io as the core for RDBMS, auth, storage.
  • Because Supabase is just Postgres, that means you can use all of IntelliJ's RDBMS features, including JPA Buddy.
    • This means that everything is type-aware (auto-complete FTW!) from the RDBMS through the Java code and into the Thymeleaf templates!
  • Reconfigured the Thymeleaf settings for compatibility with Pinegrow visual HTML builder
  • Uses Bootstrap as a default CSS framework
    • Drop in a new Bootstrap theme with minimal fuss!
    • If you want to switch to TailwindCSS instead, no big deal.
  • Use HTMX and Thymeleaf Fragments to provide rich, dynamic partial page updates without using any complicated JavaScript frameworks.
  • Stateless by default - uses Supabase JWT for authorization, so the project defaults to turning off Java sessions to improve ease of scaling.
    • TIP: Use service level Spring Boot caching instead of the antiquated session API to take the load of a database instead the session API.

Screenshots

The default theme is the open source Bootstrap theme Darkly, which just happens to be very similar to the default Supabase theme. You can swap in another theme (e.g. another Bootswatch theme) or build your own via SASS or the Pinegrow Design editor.

Basic Features

Home Screen

The default home screen displayed to the user.

Sign In

Log in with either a social provider or email/password. Supabase supports many other providers!

Create Account

Create an account quickly and easily. Supabase sends the various emails (confirmation, forgot password) for you. If you want to use your own SMTP server, pop in the SMTP credentials into Supabase.

Forgot Password

This project includes the JavaScript to handle the forgot password flow.

Logged In User

Logged in Supabase information is available both via standard Spring Security (via principal) and via a bean wrapper ( makes it easier to work with in Thymeleaf).

Thymeleaf Visual Editing

Create Account

Shows how the Create Account page can be viewed visually. Use the Pinegrow built-in HTML code editor or tab back and forth with IntelliJ.

Master Layout

This is the master layout used throughout the template. Also can be edited visual and/or via code editor.

Mobile and Bootstrap Blocks

Pinegrow handles responsive design quickly and easily. Just press a single keystroke to view the different breakpoints. Visually assign styling based on breakpoints.

Getting Started

Basics

You'll need Java 16+ and Maven.

Supabase

You will need to set up a new Supabase.io project. You can start with the free starter version. Eventually you can switch to either a paid account or set up your own self-hosted version.

Configuration

Set the following environment values so Maven and Spring Boot can find them. Tip: if you declare them in a .profile on macOS, IntelliJ will pick them up.

VALUE Typical Values
SUPABASE_DATABASE_URL jdbc:postgresql://db.PROJECT.supabase.co/postgres
SUPABASE_DATABASE_USER postgres
SUPABASE_DATABASE_PASSWORD Same as your Supabase login password.
SUPABASE_URL https://PROJECT.supabase.co
SUPABASE_ANON_KEY A JWT with the role of anon. Verify it at https://jwt.io/
SUPABASE_JWT_SIGNER The TOP SECRET key used for signing JWT from Supabase. DO NOT SHARE THIS - anyone who has this can create new identity JWTs - basically, this is a super password that would allow anyone to impersonate anyone on the site!

Database

By default, this template points to the Supabase table and expects to find a user table and a todo table. If you are playing around, you might want to try creating a matching table. Otherwise, just go ahead and delete the todo entity and query files:

src/main/java/com/changenode/frisson/data/ToDo.java src/main/java/com/changenode/frisson/query/TodosEntityQuery.java

IntelliJ Setup

This project uses the src/main/resources/public directory to store the html files.

IntelliJ Web Module Setup

In IntelliJ, make sure you set up the Web module to point at src/main/resources/public directory. Otherwise you will get errors related to paths in IntelliJ.

Help

This entire project is built on top of a large number of well-documented open source projects, such as Spring Boot, Bootstrap, Postgres, Thymeleaf, Supabase, and HTMX, just to name a few. Most of your issues or questions are probably going to be solved by the usual combination of the project documentation, Google, Stack Overflow, etc.

That said, here are some options specific to this project:

If you need consulting support, feel free to reach out.

Additional Supabase Information

Supabase PostREST and Spring Boot

By default, Supabase makes data available to the browser using PostREST - an application that automatically generates REST endpoints for a relational database.

Java web frameworks, on the other hand, usually connect directly to the database.

Which is better? If you are a Java developer used to working with Spring Boot and Spring data repositories, just use that. Keep your tables private in Supabase connect just like you would with any ordinary Postgres instance.

If you want to use PostREST, that's fine - just be absolutely sure you are setting up row-level security correctly!

Remember Me

The "Remember Me" setting in the login user interface, if checked, will store the JWT in a cookie, which will then allow the server to immediately render the logged-in user as long as the JWT has not expired.

The default for JWT tokens on Supabase is 3600 seconds (1 hour). As long as the user is actively clicking around on the website, the Supabase.js client will automatically refresh with new JWT tokens.

This means, however, that the "Remember Me" feature will only work for up to 1 hour. If you want to extend this, go to the Authentication -> Settings -> JWT Expiry and change it to something longer. The maximum setting allowed (one week) means that as long as the user logs into the site at least once a week, they will effectively never have to log in again.

The only downside is that you can't easily revoke a JWT once issued. So, if you extend the JWT session, that's the login time. If you want to implement some kind of instant user ban, you can still use JWT but you will need to add additional logic.

More Information

Bootstrap Themes

This project uses the Bootstrap 5.1 theme from:

https://github.com/thomaspark/bootswatch/tree/v5/dist/darkly

You can drop in other themes from:

https://github.com/thomaspark/bootswatch/

Or you can use the built-in Pinegrow SASS compiler to build your own Bootstrap themes.

SVG Icons

The SVG Icons in this project are from:

https://ionic.io/ionicons

Reference Documentation

For further reference, please consider the following sections:

Guides

The following guides illustrate how to use some features concretely: