Description
Currently org.apache.wicket.authorization.IAuthorizationStrategy is focused only on Components.
There is no way to secure an IResource mounted with WebApplication#mountResource(ResourceReference) or implicitly at /wicket/resource/com.example.MyComponent/some.res
The API cannot be changed before Wicket 7. Until then applications can use custom root request mapper/handler to accomplish the same.