Which strategy is correct for configuring Spring Security to intercept particular URLs? (Choose the best answer.)
A. The URLs can be specified via configuration (using authorizeRequests () and request matchers), with the most specific rule first and the least specific last.
B. Spring Security can obtain URLs from Spring MVC controllers, the Spring Security configuration just needs a reference to the controller to be protected.
C. The URLs are specified in a special properties file, used by Spring Security.
D. The URLs can be specified via configuration (using authorizeRequests () and request matchers), with the least specific rule first and the most specific last.
