A developer implements a session bean which acts as a session facade for an application. This
means that clients will only see this session bean’s interface which offers the application interface,
where are three distinct roles known at development time: “user”, “admin”, and “guest”. The
majority of the methods will be used by role “user”. All methods must have role permissions active
and roles may be added or changed in the future.
Which two scenarios are correct? (Choose two.)
A.
The developer annotates the bean class with @PermitAll and annotates the methods used by
role “guest” or “admin” individually.
B.
The developer annotates the bean class with @DenyAll and annotates the methods used by
role “user”, “guest”, or “admin” individually.
C.
The developer defines individual method permissions for the methods used by roles “user
“guest”, and “admin” In the deployment descriptor.
D.
The developer annotates the bean class with @RolesAllowed(“user”) and annotates the
methods used by role “guest” or “admin” individually.
E.
The developer defines a method permission with method name “*” and role “user” and adds
individual method permissions for the methods used by roles “guest” and “admin” in the
deployment descriptor.
Why not B,C? The majority of methods have role “user”, but not all.
D is not the same as E. With * all methods will be accessible by user. C,D seem more likely
Why B is not correct ?