Which two statements are true about using the isUserInRole method to implement security in a Java EE application? (Choose two.)
A. It can be invoked only from the doGet or doPost methods.
B. It can be used independently of the getRemoteUser method.
C. Can return "true" even when its argument is NOT defined as a valid role name in the deployment descriptor.
D. Using the isUserInRole method overrides any declarative authentication related to the method in which it is invoked.
E. Using the isUserInRole method overrides any declarative authorization related to the method in which it is invoked.