A developer implements a session bean with a method doStuff which behaves differently
depending on the caller’s security role. Only users in security roles “ADMIN” and “USER” are
allowed to call the method. Assume that there is no security-related metadata in the deployment
descriptor. Which two, taken in combination, are appropriate to accomplish this? (Choose two.)
A. Annotate method doStuff with @PermitAll.
B. Annotate method doStuff with @RolesAllowed({"ADMIN","USER"})
C. If EJBContext.getCallerPrincipal returns role “ADMIN”, implement the behavior for users in role ADMIN.
D. If EJBContext.isCallerInRole("ADMIN") returns true, implement the behavior defined for users in role “ADMIN”.