A developer is creating a web service endpoint using a stateless session EJB for the business
logic of an application. Choose two methods to select role based access control for the business
logic ? (Choose two)
A.
Using method-permission element in ejb-jar.xml
B.
Using .htaccess file in the application’s ear
C.
Using <security-role> element in web.xml
D.
By specifying security annotations like @RolesAllowed in the EJB class
Explanation: