A developer has used this code within a servlet： 62.if（request.isUserInRole（"vip"）） { 63.// VIP-related logic here 64.} What else must the developer do to ensure that the intended security goal is achieved？（）

• A、Create a user called vip in the security realm
• B、Define a group within the security realm and call it vip
• C、Define a security-role named vip in the deployment descriptor
• D、Declare a security-role-ref for vip in the deployment descripto