Java EE 7 Application Developer — Question 39

You want to allow one set of roles to POST to a resource and another set of roles to GET it.
Which two configuration options should you use? (Choose two.)

Answer options

• A. two separate @HttpMethodConstraints annotations and sets of roles
• B. a single @HttpMethodContstraint annotation and a map of method to roles
• C. two <web-resource-collection> with different <http-method> in the deployment descriptor
• D. a single <web-resource-collection> with two <auth-constraint> with different <http-method> in the deployment descriptor

Correct answer: B, D

Explanation

Option B is correct because it allows for a single annotation to define the method-role mapping, which is efficient for managing access control. Option D is also correct as it enables defining multiple HTTP methods within a single resource collection, specifying different authorization constraints. Options A and C do not effectively achieve the requirement of separating role access for different HTTP methods in this context.