Which two statements are true about the security-related tags in a valid Java EE deployment descriptor？（）

A、Every&ensp;<security-constraint>&ensp;tag&ensp;must&ensp;have&ensp;at&ensp;least&ensp;one&ensp;<http-method>&ensp;tag.</http-method></security-constraint>

B、A&ensp;<security-constraint>&ensp;tag&ensp;can&ensp;have&ensp;many&ensp;<web-resource-collection>&ensp;tags.</web-resource-collection></security-constraint>

C、A&ensp;given&ensp;&ensp;tag&ensp;can&ensp;apply&ensp;to&ensp;only&ensp;one&ensp;<web-resource-collection>&ensp;tag.</web-resource-collection>

D、A&ensp;given&ensp;<web-resource-collection>&ensp;tag&ensp;can&ensp;contain&ensp;from&ensp;zero&ensp;to&ensp;many&ensp;<url-pattern>&ensp;tags.</url-pattern></web-resource-collection>

E、It&ensp;is&ensp;possible&ensp;to&ensp;construct&ensp;a&ensp;valid&ensp;<security-constraint>&ensp;tag&ensp;such&ensp;that，for&ensp;a&ensp;given&ensp;resource，no&ensp;user&ensp;rolescan&ensp;access&ensp;that&ensp;resource.</security-constraint>

问题详情

Which two statements are true about the security-related tags in a valid Java EE deployment descriptor？（）

答案解析