You are the architect of a JEE-based product that customers can configure to meet their own
security requirements. You want to enforce basic without sacrificing customers ability to customize
the product.
Which is the best method to support both requirements?
A.
Define base roles and users declaratively
B.
Define base roles and users programmatically
C.
Build a custom security service to handle authorization
D.
Customize the JRE sandbox model by using local variables
Explanation:
Im not sure what the answer is but i dont think its D. I would have gone with A
I vote A as well
I vote for C.
I vote D, though I think it applies more to RIA
A