A developer has used this code within a servlet:
62. if(request.isUserInRole("vip")) {
63. // VIP-related logic here
64. }
What else must the developer do to ensure that the intended security goal is achieved?
A. create a user called vip in the security realm.
B. define a group within the security realm and call it vip.
C. define a security-role named vip in the deployment descriptor.
D. declare a security-role-ref for vip in the deployment descriptor.