You want to allow one set of roles to POST to a resource and another set of roles to GET it. Which two configuration options should you use? (Choose two.) 

Answer options:

A. two separate @HttpMethodConstraints annotations and sets of roles
B. a single @HttpMethodContstraint annotation and a map of method to roles
C. two <web-resource-collection> with different <http-method> in the deployment descriptor
D. a single <web-resource-collection> with two <auth-constraint> with different <http-method> in the deployment descriptor

BD