Used to mark a route as requiring authorization before execution. When the
annotation is placed on a method, it overrides the value of the annotation
at the class level, if it exists.
The values supplied will be used to secure the target. The values will
be compared using "OR". If the authenticated principal contains any of the
roles or tokens provided, the principal will be authorized to access
the resource.
The values can be a role (eg ROLE_ADMIN), or a token.