errors fix

backend/src/main/java/org/conferatus/timetable/backend/configuration/WebSecurityConfiguration.java

@@ -1,14 +1,16 @@
 package org.conferatus.timetable.backend.configuration;
 
+import java.util.Set;
+
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
-import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
-import org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler;
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
@@ -19,22 +21,26 @@
 public class WebSecurityConfiguration implements WebMvcConfigurer {
     private final CustomAuthorizationFilter customAuthorizationFilter;
 
-    public static final String LOGIN_URL = "/api/v1/accounts/login";
-    public static final String REFRESH_URL = "/api/v1/accounts/token/refresh";
+    public static final Set<String> NO_AUTH_ENDPOINTS = Set.of(
+            "/api/v1/accounts/login",
+            "/api/v1/accounts/token/refresh",
+            "/error"
+    );
 
 
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.csrf(csrf -> csrf
-                .csrfTokenRepository(new CookieCsrfTokenRepository())
-                .csrfTokenRequestHandler(new CsrfTokenRequestAttributeHandler())
-        );
-
-        http.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry ->
-                authorizationManagerRequestMatcherRegistry
-                        .requestMatchers(LOGIN_URL).permitAll()
-                        .requestMatchers(REFRESH_URL).permitAll()
-                        .anyRequest().authenticated()
+        http.csrf(AbstractHttpConfigurer::disable)
+                .sessionManagement(httpSecuritySessionManagementConfigurer ->
+                        httpSecuritySessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
+        ;
+
+        http.authorizeHttpRequests(request -> {
+                    NO_AUTH_ENDPOINTS.forEach(
+                            endpoint -> request.requestMatchers(endpoint).permitAll()
+                    );
+                    request.anyRequest().authenticated();
+                }
         );
         http.addFilterAfter(customAuthorizationFilter, AnonymousAuthenticationFilter.class);
 

backend/src/main/java/org/conferatus/timetable/backend/services/AuthService.java

@@ -15,8 +15,7 @@
 import org.conferatus.timetable.backend.repository.UserRepository;
 import org.springframework.stereotype.Service;
 
-import static org.conferatus.timetable.backend.configuration.WebSecurityConfiguration.LOGIN_URL;
-import static org.conferatus.timetable.backend.configuration.WebSecurityConfiguration.REFRESH_URL;
+import static org.conferatus.timetable.backend.configuration.WebSecurityConfiguration.NO_AUTH_ENDPOINTS;
 
 @Service
 @Transactional
@@ -27,7 +26,7 @@ public class AuthService {
     private final RoleRepository roleRepository;
     private final YandexIdService yandexIdService;
 
-    private static final Set<String> notAuthURLs = Set.of(LOGIN_URL, REFRESH_URL);
+    private static final Set<String> notAuthURLs = NO_AUTH_ENDPOINTS;
 
     public static final String UNIVERSITY_URL = "/api/v1/admin/universities";
     public static final String UNIVERSITY_URL_LINK = "/api/v1/admin/universities/link";