No, the web programming chapter in the book does not cover authentication and authorization.
For some years, I've used spring-security to cover this aspect of things in my Clojure web apps; if you already know it, that's a good place to start.
I've personally been frustrated with spring-security in a variety of areas though, which is why I've started a Clojure-specific authentication/authorization library called
Friend. Clojure offers a number of facilities that have already made me far more productive with it than with spring-security, and I suspect it will only get better as time goes on.
--
(coauthor of
Clojure Programming from O'Reilly; creator of
Clojure Atlas)