Given the JAX-RS root resource class fragment:
Choose the statement that best describes the configuration that would be required to support the access control constraint shown:
A.
No further configuration is required – the JavaEE runtime will pick up the security constraint and configure the web container to match.
B.
The developer will have to configure the web container to require authenticated access to the URLs corresponding to this resource, so the proper information can be propagated to the EJB container.
C.
The developer will have to turn on authentication in the web container configuration file, so that all incoming requests are authenticated in order to be processed.
D.
The developer will have to configure the web container to require authenticated access to the URLs corresponding to this resource, and then map web-tier roles to ejb-tier roles, since the JAX- RS and EJB runtimes cannot use the same set of roles.
the security constraint(role-based, resource scope) defined in Web container
must be matched with
the security constraint(roleAllowed, path) defined in EJB container.
One thing is the Transaction Management of EJB exposed as web service. For entity bean, the EJB JPA will manage the transaction VIA annotation. For session bean, if the session bean doesn’t invoke entity bean for persistence, then the session bean can use the CMT(container managed transaction, programmatic like InitialContext.lookup(“java:comp/userTransaction”) or declarative like TransactionAttribute.required to perform the persistence.
Answer is A?