1. In a web application, is it better to handle security Declaratively or Programmatically?
I feel the generic answer should be Declaratively. However, as the question mentions specifically about security, I would answer programmatically. Setting the securities using the annotations makes sure they are not altered easily(unless a new jar is built and deployed).
Whizlabs says Declaratively. What is your opinion?

2. How many HTTP methods are there?
Whizlabs says 7. In my opinion answer is 9[ GET, POST, PUT, DELETE, TRACE, OPTIONS, HEAD, CONNECT, PATCH ]. What do you think?

For your first question , I think you are thinking too deep.

Isn`t it will be great to handle security programmaticaly rather than coding your security logic into servlet code.


And for your second question , the question is asking about doXXX() methods , not the methods that you can request to web server.
In HttpServlet (abstract class) we have doDelete() , doOptions() , doGet() , doPut() , doPost() , doTrace() ,doHead() .
so only 7 methods .

Thanks Mahtab. That helps.

Hi

For the first question : Declaratively is the best option. Is more ease to change a XML than to be modifing, compiling, packing, etc. your clases every time you make a modification.

For the last : the PATCH method is invalid.

Good look.