Security restrictions in a use-case require that the behavior of an EJB business method vary
according to the role of the user. How should this be achieved?
A.
The deployment descriptor is written using the roles determined by the programmer.
B.
The programmer determines a role reference and uses it in the code. This is mapped to a
role in the deployment descriptor.
C.
The business method determines the role of the user using JNDI and configuration
information in the deployment descriptor.
D.
The business method determines the role of the user using JAAS and configuration
information in the deployment descriptor.