Mise en place de la protection des pages par role (voir applicationContextAcegi.xml)

Quelques corrections (y compris correction d'Anglais sur la page d'accueil)
Debut de Admin

YACOSWeb/WebContent/WEB-INF/applicationContextAcegi.xml

@@ -19,13 +19,13 @@ http://www.springframework.org/schema/beans http://www.springframework.org/schem
 <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
   <property name="authenticationEntryPoint">
     <bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
-      <property name="loginFormUrl" value="/login.jsp"/>
+      <property name="loginFormUrl" value="/login.htm"/>
       <property name="forceHttps" value="false"/>
     </bean>
   </property>
   <property name="accessDeniedHandler">
     <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
-      <property name="errorPage" value="/denied.jsp"/>
+      <property name="errorPage" value="/WEB-INF/jsp/denied.jsp"/>
     </bean>
   </property>
 </bean>
@@ -98,16 +98,49 @@ http://www.springframework.org/schema/beans http://www.springframework.org/schem
   </property>
   <property name="objectDefinitionSource">
     <value>
-      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
-      PATTERN_TYPE_APACHE_ANT
-      /secure/**=ROLE_ADMIN,ROLE_AUTHOR,ROLE_PCMEMBER
-      /secure/**=IS_AUTHENTICATED_REMEMBERED
-      /**=IS_AUTHENTICATED_ANONYMOUSLY
+		CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
+		PATTERN_TYPE_APACHE_ANT
+		/secure/**=ROLE_ADMIN,ROLE_AUTHOR,ROLE_PCMEMBER
+		/secure/**=IS_AUTHENTICATED_REMEMBERED
+		/listarticle.htm=ROLE_USER
+		/managearticle.htm=ROLE_USER
+		/registeruser.htm=ROLE_ANONYMOUS,ROLE_USER
+		/submissionarticle.htm=ROLE_USER
+		/choosepreference.htm=ROLE_PCMEMBER
+		/dispatcharticlelist.htm=ROLE_PCMEMBER
+		/dispatcharticle.htm=ROLE_PCMEMBER
+		/addconference.htm=ROLE_CONFERENCE_CREATOR
+		/evaluation.htm=ROLE_PCMEMBER,ROLE_REFEREE
+		/createreport.htm=ROLE_PCMEMBER,ROLE_REFEREE
+		/listconference.htm=ROLE_USER
+		/validatearticle.htm=ROLE_CHAIRMAN
+		/validateorreject.htm=ROLE_CHAIRMAN
+		/listevaluation.htm=ROLE_USER
+		/download.htm=ROLE_USER
+		/deletearticle.htm=ROLE_AUTHOR,ROLE_CHAIRMAN,ROLE_ADMIN
+		/listreport.htm=ROLE_PCMEMBER,ROLE_REFEREE,ROLE_CHAIRMAN
+		/detailarticle.htm=ROLE_USER
+      	/**=IS_AUTHENTICATED_ANONYMOUSLY
     </value>
   </property>
 </bean>
 
-<!-- LOGOUT -->
+
+<!--<bean id="autoProxyCreator" class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
+	<property name="beanNames">
+		<list>
+			<value>AddConferenceController</value>
+			<value>conferenceManager</value>
+		</list>
+	</property>
+	<property name="interceptorNames">
+		<list>
+			<value>methodInvocationInterceptor</value>
+		</list>
+	</property>
+</bean>
+
+--><!-- LOGOUT -->
 <bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
   <constructor-arg value="/index.jsp"/>
   <constructor-arg>
@@ -141,7 +174,6 @@ http://www.springframework.org/schema/beans http://www.springframework.org/schem
 
 <bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>
 
-
 <!--<bean id="entityManagerFactory" class="org.springframework.orm.jpa.LocalEntityManagerFactoryBean">-->
 <!--	<property name="persistenceUnitName" value="YACOSCore"/>-->
 <!--</bean>-->

YACOSWeb/WebContent/WEB-INF/classes/messages.properties

@@ -1,5 +1,5 @@
 title=YACOS
-title.detail=Yet Another Conference Organisation System
+title.detail=Yet Another Conference Organization System
 button.remove=Remove
 button.removeSelected=Remove selected
 
@@ -10,16 +10,16 @@ disclaimer.link.about=About
 
 ###################
 # MAIN PAGE YACOS
-home.whatis=What is it ?
-home.whatis.txt=YACOS is a university project for manage all international conference. This tool is developped by 5 members team with the technology J2EE.
-home.author=I am author and I want post an article. How ?
-home.author.txt=Simple ! With Yacos you can take a look on all current conference : view title, subject, details on limit date and many others...<br />If you want participate at one conference (or many) and post an article for this, just create an account on Yacos and post your article, no more simple. The comity program note your article, return some comments on this and accept or not !
-home.referee=I am in comity program. How Yacos can help me ?
-home.referee.txt=If you are chairman, PC member or simple a refereea, thanks to yacos you can follow the articles posted by authors.<br />For the chairman, you can distribute articles throught your members for review and notation, manage your conference, date...<br />For the PC member and others, you can review an article, post your comments and note on this, exprimate your preference for review,...
+home.whatis=What is YACOS ?
+home.whatis.txt=YACOS is a university project for managing international scientific conferences. This tool is developed by a team of 5, using the JEE technology.
+home.author=I am an author and I want post an article. How can I do that ?
+home.author.txt=Simple ! With Yacos you can take a look on all open conferences : view title, subject, details on deadlines and many other informations...<br />If you want to participate at one (or many) conference and post an article, just create an account on Yacos and post your article. It is as simple as that ! The program committee rate your article, return some comments and accept or decline it !
+home.referee=I am a program committee member. How Yacos can help me ?
+home.referee.txt=If you are the chairman, a PC member or simply a referee, thanks to yacos you can follow articles posted by authors.<br />As chairman, you can dispatch articles to your members for review and rating, manage your conference, the deadlines...<br />As the PC member or referee, you can review an article, post your comments and rate it, express your preference toward the submitted articles,...
 home.youknow=So now you know...
 home.link.choose=Choose one conference
 
-connected.noconference.title=No conference selectionned
+connected.noconference.title=No conference selected
 connected.noconference.warning=You must choose a conference to access all your features :
 article.post.noconference=You must choose a conference before post or edit an article. 
 
@@ -36,7 +36,7 @@ conference.detail.link.submit=Submit an article
 ###################
 # LOGIN FORM
 login.title=Create an user or log in
-login.btn.connexion=Connexion
+login.btn.connexion=Connection
 login.btn.logout=Logout
 login.field.login=Login
 login.txt.login=Log in
@@ -56,7 +56,7 @@ login.message.error=Your login attempt was not successful, try again.
 ###################
 # USER INFORMATION HEADER
 user.information.editaccount=Edit my account
-user.information.followconference={0,choice, 0#You doesn t have any conference  | 1#You currently follow {0} conference | 1<You currently follow {0} conferences}
+user.information.followconference={0,choice, 0#You doesn't have any conference  | 1#You currently follow {0} conference | 1<You currently follow {0} conferences}
 
 ###################
 # USER MENU
@@ -136,13 +136,13 @@ forgotPassword.submitted=A new password has been successfully generated for your
 
 ###################
 # MESSAGE ERROR
-message.error.noconferenceforthisid=This conference doesn't exist. Pease try again
-message.error.noconferenceid=No conference selectionned
-message.error.conferenceerror=Error. Try again.
+message.error.noconferenceforthisid=This conference doesn't exist. Please try again
+message.error.noconferenceid=No conference selected
+message.error.conferenceerror=Error. Please try again.<br/>Sorry for the inconvenience.
 message.error.page404.title=Page not found
-message.error.page404.content=Sorry, the page where you looking for, doesn't found.
-message.error.page403.title=Acces denied
-message.error.page403.content=Sorry, you have not access at this page.
+message.error.page404.content=Sorry, the page where you looking for could not be found.
+message.error.page403.title=Access denied
+message.error.page403.content=Sorry, you can't access this page.
 
 submission.title=Article's submission
 submission.modify=Modify your article
@@ -172,7 +172,7 @@ form.article.file=File
 submissionArticle.title=The title should not be null
 submissionArticle.theme=The theme should not be null
 submissionArticle.abstractText=The Abstract text should not be null
-submissionArticle.mainauthor=The main author should not be null, insert example "toto"
+submissionArticle.mainauthor=The main author should not be null.
 submissionArticle.file=Please choose an article to submit
 
 
@@ -186,7 +186,7 @@ listarticle.title=Article's list
 manageArticle.title=Manage your article
 
 
-preference.title=Choose the preference for articles
+preference.title=Choose your preferences for these articles
 preference.like=Like
 preference.indifferent=Indifferent
 preference.dislike=Dislike
@@ -197,7 +197,7 @@ dispatch.title=Dispatch the articles to the members
 # Conference Form
 step=Step ({0}/{1})
 conference.help.step1=
-conference.help.step2=This step is used to define some date like the starting date for the conference.<br/>\nYou just have to click on a field and the calendar will appear.
+conference.help.step2=This step is used to define some dates like the starting date for the conference.<br/>\nYou just have to click on a field and the calendar will appear.
 conference.help.step3=Here you can add some constraints at your conference like the number of pages by articles or the type of file you want the authors to use.
 conference.help.step4=This step allows you to add criterion which will be used when someone will evaluate an article.<br/>\nYou can add a new criterion using the form, or simply add an existing criterion using the list.
 conference.help.step5=This step allows you to add PC Member to the conference.<br/>\nYou can add a Program Committee Member using the list below, or invite someone using his email address.

YACOSWeb/WebContent/WEB-INF/decorators/usermenu.jsp

@@ -17,7 +17,9 @@
 		<div id="mainmenubloc">
 			<h4><fmt:message key="menu.chairman.title" /></h4>
 				<ul>
+					<authz:authorize ifAllGranted="ROLE_CONFERENCE_CREATOR">
 					<li><a href="<c:url value="addConference.htm"/>"><fmt:message key="menu.chairman.conference.create" /></a></li>
+					</authz:authorize>
 					<li><a href="<c:url value="addConference.htm?action=modify"/>"><fmt:message key="menu.chairman.conference.modify" /></a></li>
 					<li><a href="<c:url value="dispatchArticleList.htm"/>"><fmt:message key="menu.chairman.article.dispatch" /></a></li>
 					<li><a href="<c:url value="validateArticle.htm"/>"><fmt:message key="menu.chairman.article.validate" /></a></li>
@@ -53,20 +55,22 @@
 		</div>
 	</authz:authorize>
 	
-	<!--  MENU : ROLE_AUTHOR -->
-	<authz:authorize ifAllGranted="ROLE_AUTHOR">
+	<!--  MENU : ROLE_AUTHOR for articles management and ROLE_USER for submission -->
+	<authz:authorize ifAllGranted="ROLE_USER">
 		<div id="mainmenubloc">
 			<h4><fmt:message key="menu.author.title" /></h4>
 				<ul>
 					<li><a href="<c:url value="submissionArticle.htm"/>"><fmt:message key="menu.author.article.submission" /></a></li>
+					<authz:authorize ifAllGranted="ROLE_AUTHOR">
 					<li><a href="<c:url value="manageArticle.htm"/>"><fmt:message key="menu.author.article.modify" /></a></li>
+					</authz:authorize>
 				</ul>
 				<div id="footer"></div>
 		</div>
 	</authz:authorize>
 	
 	<!--  MENU : ROLE_ANONYMOUS -->
-	<authz:authorize ifNotGranted="ROLE_AUTHOR">
+	<authz:authorize ifNotGranted="ROLE_USER">
 		<div id="mainmenubloc">
 			<h4><fmt:message key="menu.anonymous.title" /></h4>
 				<ul>

YACOSWeb/WebContent/WEB-INF/jsp/admin.jsp

@@ -0,0 +1,32 @@
+<%@ include file="/WEB-INF/decorators/include.jsp"%>
+<html>
+<head>
+
+<script type='text/javascript' src='./dwr/engine.js'></script>
+<script type='text/javascript' src='./dwr/util.js'></script>
+<script type='text/javascript' src='./dwr/interface/AdminController.js'></script>
+<script type='text/javascript' src='./javascripts/prototype.js'></script>
+<script type='text/javascript' src='./javascripts/yacos/admin.js'></script>
+<script type='text/javascript' src='./javascripts/scriptaculous.js'></script>
+
+</head>
+<body>
+
+<div class="cbb">
+<h2>Edit users</h2>
+<label>Filter :<input id="userFilterInput" type="text" name="userFilter"/></label>
+<div id="userDynamicList" class="dynamicList">
+	<div class="dynamicListHeader">
+		User list
+	</div>
+	<div class="dynamicListPlaceholder">
+		Please enter a value in the filter field.
+	</div>
+	<div class="dynamicListItem">
+		
+	</div>
+</div>
+</div>
+
+</body>
+</html>

YACOSWeb/WebContent/WEB-INF/jsp/denied.jsp

@@ -1,7 +1,8 @@
 <%@ include file="/WEB-INF/decorators/include.jsp"%>
 
 <html>
-<head></head>
+<head>
+</head>
 <body>
 
 

YACOSWeb/WebContent/WEB-INF/jsp/stateArticle.jsp

@@ -12,7 +12,7 @@
 		
 		<tr>
 		<td>
-		<div class=""><h2>${article.title}</h2>
+		<div class=""><h2>${article.title}</h2></div>
         </td>
         <td>
         <h2>${article.state}</h2>

YACOSWeb/WebContent/WEB-INF/jsp/tableBord.jsp

@@ -4,11 +4,11 @@
 <head></head>
 <body>
 
-<!-- Differents role : ROLE_CHAIRMAN, ROLE_PCMEMBER, ROLE_REFEREE, ROLE_AUTHOR, ROLE_ANONYMOUS -->
+<!-- Different roles : ROLE_CHAIRMAN, ROLE_PCMEMBER, ROLE_REFEREE, ROLE_AUTHOR, ROLE_ANONYMOUS -->
 
 <div class="cbb">
 	
-	<!-- On affiche les menus seulement si une conference est deja active -->
+	<!-- The menus are displayed only if a conference has been selected -->
 	
 	<c:if test="${currentConferenceId != null}">
 	

YACOSWeb/WebContent/WEB-INF/jsp/validateArticle.jsp

@@ -10,8 +10,8 @@
 		<li class="title">TiTle: ${article.title}  </li>
 		<li class="author">Author: ${article.mainAuthor}</li>
 		<li class="topic">Topic: ${article.topic}</li>
-		<li class="state">State: ${article.state} <a href="<c:url value="valideOrReject.htm?value=valide&id=${article.id}"/>"><fmt:message key="validate.validate"/></a>
-	                                             <a href="<c:url value="valideOrReject.htm?value=reject&id=${article.id}"/>"><fmt:message key="validate.reject"/></a> </li> 
+		<li class="state">State: ${article.state} <a href="<c:url value="validateOrReject.htm?value=valide&id=${article.id}"/>"><fmt:message key="validate.validate"/></a>
+	                                             <a href="<c:url value="validateOrReject.htm?value=reject&id=${article.id}"/>"><fmt:message key="validate.reject"/></a> </li> 
 		<li class="article_url"><a href="<c:url value="${article.URL_article}"/>"><fmt:message key="validate.download"/></a> <a href="<c:url value="listReport.htm?id=${article.id}"/>"><fmt:message key="validate.report"/></a></li>
 	
 	   

YACOSWeb/WebContent/WEB-INF/web.xml

@@ -36,17 +36,6 @@
 	  <servlet-name>yacos</servlet-name>
 	  <url-pattern>/dwr/*</url-pattern>
 	</servlet-mapping>
-
-	<!-- OpenSessionInView for JPA -->
-    <filter>
-        <filter-name>lazyLoadingFilter</filter-name>
-        <filter-class>org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter</filter-class>
-    </filter>
-   <filter-mapping>
-   		<filter-name>lazyLoadingFilter</filter-name>
-  		<url-pattern>/onverracaplustard</url-pattern>
-  </filter-mapping>
-    
 	
 	<!-- Acegi Security declaration Start -->
 	<filter>
@@ -99,7 +88,7 @@
 	
 	<filter-mapping>
 		<filter-name>SessionService</filter-name>
-		<url-pattern>/*</url-pattern>
+		<url-pattern>*.htm</url-pattern>
 	</filter-mapping>
 	<!-- SessionService Integration declaration End -->
 	

YACOSWeb/WebContent/WEB-INF/yacos-servlet.xml

@@ -36,7 +36,7 @@
 				<prop key="/listConference.htm">ListConferenceController</prop>
 				<prop key="/chooseConference.htm">ChooseConferenceController</prop>
 				<prop key="/validateArticle.htm">ValidateArticleController</prop>
-				<prop key="/valideOrReject.htm">ValideOrRejectController</prop>
+				<prop key="/validateOrReject.htm">ValidateOrRejectController</prop>
 				<prop key="/login.htm">LogonController</prop>
 				<prop key="/listEvaluation.htm">ListEvaluationController</prop>
 				<prop key="/download.htm">ArticleDownloadController</prop>
@@ -45,7 +45,8 @@
 				<prop key="/forgotPassword.htm">ForgotPasswordController</prop>
 				<prop key="/detailArticle.htm">DetailArticleController</prop>
 				<prop key="/tableBord.htm">TableBordController</prop>
-				<prop key="/stateArticle.htm">StateArticleController</prop>
+				<prop key="/stateArticle.htm">StateArticleController</prop>
+				<prop key="/admin.htm">AdminController</prop>
 			</props>
 		</property>
 	</bean>
@@ -58,6 +59,27 @@
 		<property name="articleManager" ref="articleManager" />
 	</bean>
 	
+	<bean id="AdminController"
+		class="org.yacos.web.admin.AdminController">
+		<dwr:remote javascript="AdminController" />
+		<property name="articleManager" ref="articleManager" />
+		<property name="userManager" ref="userManager" />
+		<property name="conferenceManager" ref="conferenceManager" />
+		<property name="methodNameResolver">
+			<bean name="AdminControllerMethodResolver" class="org.springframework.web.servlet.mvc.multiaction.ParameterMethodNameResolver">
+				<property name="defaultMethodName">
+					<value>show</value>
+				</property>
+				<property name="paramName" value="action"/>
+				<property name="methodParamNames">
+					<list>
+						<value>show</value>
+					</list>
+				</property>
+			</bean>
+		</property>
+	</bean>
+	
 	<bean id="ManageArticleController"
 		class="org.yacos.web.author.controller.ManageArticleController">
 		<property name="articleManager" ref="articleManager" />
@@ -139,8 +161,8 @@
 		<property name="articleManager" ref="articleManager" />
 	</bean>
 
-	<bean id="ValideOrRejectController"
-		class="org.yacos.web.PCmember.controller.ValideOrRejectController">
+	<bean id="ValidateOrRejectController"
+		class="org.yacos.web.PCmember.controller.ValidateOrRejectController">
 		<property name="articleManager" ref="articleManager" />
 	</bean>
 
@@ -161,7 +183,8 @@
 	</bean>
 	
 	<bean id="AddConferenceController"
-		class="org.yacos.web.chairman.controller.AddConferenceController">
+		class="org.yacos.web.chairman.controller.AddConferenceController"
+		scope="session">
 		<dwr:remote javascript="AddCriteriaJS" />
 		<property name="sessionForm" value="true" />
 		<property name="commandName" value="formConference" />
@@ -286,11 +309,11 @@
 	<bean id="multipartResolver"
 		class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
 		<property name="maxUploadSize" value="10000000" />
-	</bean>
-
-	<bean id="messageSource"
-		class="org.springframework.context.support.ResourceBundleMessageSource">
-		<property name="basename" value="messages" />
+	</bean>
+	
+	<bean id="messageSource"
+			class="org.springframework.context.support.ResourceBundleMessageSource">
+		<property name="basename" value="messages" />
 	</bean>
 
 	<bean id="sessionService"

YACOSWeb/WebContent/javascripts/yacos/admin.js

@@ -0,0 +1,30 @@
+var AdminController = Class.create({
+	initialize: function(){
+		this.input = $('userFilterInput');
+		input.observe('keyPress',this.userInputKeyHandler.bind(this));
+	},
+	addConferenceCreationToken: function(event){
+		
+	},
+	removeConferenceCreationToken: function(event){
+		
+	},
+	userInputKeyHandler: function(){
+		
+	},
+	fillUserList: function(){
+		AdminController.getUserList(function(people){
+			var newPersonItem;
+			var elemName;
+			var contentValue;
+			for (var i = 0; i < people.length; i++) {
+				newPersonItem = new Element('div',{
+					'class':'dynamicListItem',
+					'style':'display:none;height:0px;width:0px;',
+					'id':elemName}).update(value).insert(hidden);
+			}
+		}.bind(this) );
+	}
+});
+
+new AdminController();

YACOSWeb/WebContent/javascripts/yacos/manageArticle.js

@@ -44,6 +44,6 @@ Event.observe(window,'load', function() {
 
 function deleteArticle(ArticleID) {
 	if (confirm("Are you sure you want to delete this article?")) {
-		document.location.href = "delete.htm?articleId=" + ArticleID; 
+		document.location.href = "deleteArticle.htm?articleId=" + ArticleID; 
 	}
 }

YACOSWeb/src/org/yacos/auth/UserDetails.java

@@ -1,5 +1,6 @@
 package org.yacos.auth;
 
+import java.util.ArrayList;
 import java.util.List;
 
 import org.acegisecurity.GrantedAuthority;
@@ -48,19 +49,27 @@ public class UserDetails implements org.acegisecurity.userdetails.UserDetails {
 	public GrantedAuthority[] getAuthorities() {
 		Integer currentConferenceId = SessionService.getInstance().getCurrentConferenceId();
 		
-		GrantedAuthority[] authorities = null;
+		ArrayList<GrantedAuthority> authoritiesList = new ArrayList<GrantedAuthority>();
+		
+		if(SessionService.getInstance().getConferenceManager().canCreateConference(login)){
+			authoritiesList.add(new GrantedAuthorityImpl("ROLE_CONFERENCE_CREATOR"));
+		}
 		
 		if(currentConferenceId != null){
 			List<Role> rolesList = SessionService.getInstance().getConferenceManager().getRoles(login, currentConferenceId);
-			if(! rolesList.isEmpty()){
-				authorities = new GrantedAuthority[rolesList.size()];
-			}
 			
 			for(int i=0;i<rolesList.size();i++){
-				authorities[i] = new GrantedAuthorityImpl("ROLE_"+rolesList.get(i).getType().name());
+				authoritiesList.add(new GrantedAuthorityImpl("ROLE_"+rolesList.get(i).getType().name()));
 			}
 		}
-		return (GrantedAuthority[]) authorities;
+
+		authoritiesList.add(new GrantedAuthorityImpl("ROLE_USER"));
+		
+		GrantedAuthority[] authorities = new GrantedAuthority[authoritiesList.size()];
+		for(int i=0;i<authoritiesList.size();i++){
+			authorities[i] = authoritiesList.get(i);
+		}
+		return authorities;
 	}
 
 	public String getPassword() {

YACOSWeb/src/org/yacos/web/PCmember/controller/ValidateOrRejectController.java

@@ -1,59 +1,59 @@
-package org.yacos.web.PCmember.controller;
-
-import java.lang.reflect.UndeclaredThrowableException;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.web.servlet.ModelAndView;
-import org.springframework.web.servlet.mvc.SimpleFormController;
-import org.springframework.web.servlet.view.RedirectView;
-import org.yacos.core.article.Article;
-import org.yacos.core.article.IArticleManager;
-import org.yacos.core.article.Article.State;
-
-public class ValideOrRejectController extends SimpleFormController {
-
-    protected final Log logger = LogFactory.getLog(getClass());
-    
-    private IArticleManager articleManager;
-
-	public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response)
-            throws ServletException{
-		
-        logger.info("Returning ValideOrReject view");
-        String id=(String)request.getParameter("id");
-        Article art=articleManager.getArticle(Integer.parseInt(id));
-        String value=request.getParameter("value");
-        if (value.equals("valide"))
-        {
-        	
-				art.setState(State.ACCEPTED);
-		 }
-        else if (value.equals("reject"))
-        {
-        	
-				art.setState(State.REJECTED);
-			
-        }
-        
-        try {
-			articleManager.updateArticle(art);
-		} catch (UndeclaredThrowableException e) {
-			e.printStackTrace();
-			System.out.println(e.getUndeclaredThrowable().toString());
-		}
-		return new ModelAndView(new RedirectView("validateArticle.htm"));
-    }
-	
-	public IArticleManager getArticleManager() {
-		return articleManager;
-	}
-	
-	public void setArticleManager(IArticleManager articleManager) {
-		this.articleManager = articleManager;
-	}
+package org.yacos.web.PCmember.controller;
+
+import java.lang.reflect.UndeclaredThrowableException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.web.servlet.ModelAndView;
+import org.springframework.web.servlet.mvc.SimpleFormController;
+import org.springframework.web.servlet.view.RedirectView;
+import org.yacos.core.article.Article;
+import org.yacos.core.article.IArticleManager;
+import org.yacos.core.article.Article.State;
+
+public class ValidateOrRejectController extends SimpleFormController {
+
+    protected final Log logger = LogFactory.getLog(getClass());
+    
+    private IArticleManager articleManager;
+
+	public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException{
+		
+        logger.info("Returning ValidateOrReject view");
+        String id=(String)request.getParameter("id");
+        Article art=articleManager.getArticle(Integer.parseInt(id));
+        String value=request.getParameter("value");
+        if (value.equals("valide"))
+        {
+        	
+				art.setState(State.ACCEPTED);
+		 }
+        else if (value.equals("reject"))
+        {
+        	
+				art.setState(State.REJECTED);
+			
+        }
+        
+        try {
+			articleManager.updateArticle(art);
+		} catch (UndeclaredThrowableException e) {
+			e.printStackTrace();
+			System.out.println(e.getUndeclaredThrowable().toString());
+		}
+		return new ModelAndView(new RedirectView("validateArticle.htm"));
+    }
+	
+	public IArticleManager getArticleManager() {
+		return articleManager;
+	}
+	
+	public void setArticleManager(IArticleManager articleManager) {
+		this.articleManager = articleManager;
+	}
 }

YACOSWeb/src/org/yacos/web/admin/AdminController.java

@@ -0,0 +1,56 @@
+package org.yacos.web.admin;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.web.servlet.ModelAndView;
+import org.springframework.web.servlet.mvc.multiaction.MultiActionController;
+import org.yacos.core.article.IArticleManager;
+import org.yacos.core.conferences.IConferenceManager;
+import org.yacos.core.users.IUserManager;
+
+public class AdminController extends MultiActionController {
+	private IArticleManager articleManager;
+	private IUserManager userManager;
+	private IConferenceManager conferenceManager;
+	/**
+	 * @return the articleManager
+	 */
+	public IArticleManager getArticleManager() {
+		return articleManager;
+	}
+	/**
+	 * @param articleManager the articleManager to set
+	 */
+	public void setArticleManager(IArticleManager articleManager) {
+		this.articleManager = articleManager;
+	}
+	/**
+	 * @return the userManager
+	 */
+	public IUserManager getUserManager() {
+		return userManager;
+	}
+	/**
+	 * @param userManager the userManager to set
+	 */
+	public void setUserManager(IUserManager userManager) {
+		this.userManager = userManager;
+	}
+	/**
+	 * @return the conferenceManager
+	 */
+	public IConferenceManager getConferenceManager() {
+		return conferenceManager;
+	}
+	/**
+	 * @param conferenceManager the conferenceManager to set
+	 */
+	public void setConferenceManager(IConferenceManager conferenceManager) {
+		this.conferenceManager = conferenceManager;
+	}
+	
+	public ModelAndView show(HttpServletRequest request, HttpServletResponse response){
+		return new ModelAndView("admin");
+	}
+}

YACOSWeb/src/org/yacos/web/chairman/controller/AddConferenceController.java

@@ -34,6 +34,7 @@ import org.yacos.web.chairman.form.FormConference;
 import org.yacos.web.chairman.validation.ConferenceValidator;
 import org.yacos.web.system.controller.MailSenderService;
 import org.yacos.web.system.session.SessionService;
+import org.acegisecurity.annotation.Secured;
 
 public class AddConferenceController extends AbstractWizardFormController {
 
@@ -241,7 +242,8 @@ public class AddConferenceController extends AbstractWizardFormController {
 		setCommandName("formConference");
 		setPages(new String[] {"addConference", "addConference2", "addConference3", "addConference4", "addConference5"});
 	}
-
+	
+	@Secured({"ROLE_CONFERENCE_CREATOR"})
 	protected Object formBackingObject(HttpServletRequest request) throws ModelAndViewDefiningException {
 		logger.info(this.getClass().toString() + " dans le formBackingObject");
 

YACOSWeb/src/org/yacos/web/system/controller/StateArticleController.java

@@ -1,9 +1,7 @@
 package org.yacos.web.system.controller;
 import java.io.IOException;
 import java.util.ArrayList;
-import java.util.Hashtable;
 import java.util.List;
-
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

YACOSWeb/src/org/yacos/web/system/controller/TableBordController.java

@@ -8,7 +8,6 @@ import org.apache.commons.logging.LogFactory;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.mvc.SimpleFormController;
 import org.yacos.web.system.controller.NoConferenceSelectedException;
-import org.yacos.web.system.session.SessionService;
 
 public class TableBordController extends SimpleFormController {
 

YACOSWeb/src/org/yacos/web/system/session/SessionService.java

@@ -192,6 +192,9 @@ public class SessionService {
 	 * @return The current user login
 	 */
 	public String getCurrentUserLogin(){
+		if(SecurityContextHolder.getContext().getAuthentication() == null){
+			return null;
+		}
 		// Retrieve the login from the acegi security session
 		return SecurityContextHolder.getContext().getAuthentication().getName();
 	}