A developer has used this code within a servlet:
What else must the developer do to ensure that the intended security goal is achieved?
A.
create a user called vip in the security realm
B.
define a group within the security realm and call it vip
C.
define a security-role named vip in the deployment descriptor
D.
declare a security-role-ref for vip in the deployment descriptor
Explanation: