Which security mechanisms always operate independently of the transport layer? (Choose all that apply.)
Given a deployment descriptor with three valid
<security-constraint> elements, all constraining web resource A, whose respective
<auth-constraint> sub-elements are:
<auth-constraint> <role-name>Bob</role-name> </auth-constraint> <auth-constraint/> <auth-constraint> <role-name>Alice</role-name> </auth-constraint>
Who can access resource A?
only Bob and Alice