Which two statements are true about using the isUserInRole method to implement security in a Java EEapplication?()
- AIt can be invoked only from the doGet or doPost methods.
- BIt can be used independently of the getRemoteUser method.
- CCan return "true" even when its argument is NOT defined as a valid role name in the deployment descriptor.
- DUsing the isUserInRole method overrides any declarative authentication related to the method in which it is invoked.