Which two statements are true about using the isUserInRole method to implement security in a Java EEapplication？（）

• A、It can be invoked only from the doGet or doPost methods.
• B、It can be used independently of the getRemoteUser method.
• C、Can return "true" even when its argument is NOT defined as a valid role name in the deployment descriptor.
• D、Using the isUserInRole method overrides any declarative authentication related to the method in which it is invoked.