Given the JAX-RS root resource class fragment:
Choose the statement that best describes the configuration that would be required to support the access control constraint shown:
A.
No further configuration is required – the JavaEE runtime will pick up the security constraint and configure the web container to match.
B.
The developer will have to configure the web container to require authenticated access to the URLs corresponding to this resource, so the proper information can be propagated to the EJB container.
C.
The developer will have to turn on authentication in the web container configuration file, so that all incoming requests are authenticated in order to be processed.
D.
The developer will have to configure the web container to require authenticated access to the URLs corresponding to this resource, and then map web-tier roles to ejb-tier roles, since the JAX- RS and EJB runtimes cannot use the same set of roles.
B
To enable authentication, you need to modify the WEB-INF/web.xml deployment descriptor of the WAR file your JAX-RS application is deployed in.
You enable authorization through XML or by applying annotations to your JAX-RS resource classes
By default, any client can access any URL provided by your web application with no constraints.
To enforce authentication, you must specify a URL pattern you want to secure. In our example, we use the element to specify that we want to secure the /services/customers URL.
The element says that we only want to secure POST requests to this URL
https://dennis-xlc.gitbooks.io/restful-java-with-jax-rs-2-0-2rd-edition/content/en/part1/chapter15/authentication_and_authorization_in_jax_rs.html
https://docs.oracle.com/cd/E24329_01/web.1211/e24983/secure.htm#RESTF254