Which two statements are true regarding Spring Security? (Choose two.)
A. Access control can be configured at the method level.
B. A special Java Authentication and Authorization Service (JAAS) policy file needs to be configured.
C. Authentication data can be accessed using a variety of different mechanisms, including databases and LDAP.
D. In the authorization configuration, the usage of permitAll () allows bypassing Spring security completely.
E. It provides a strict implementation of the Java EE Security specification.
