How to restrict screen access in a web application?


I have developed an application, and so far I have been successful in restricting screen access by not showing/hiding menu options or buttons for certain screens. But the problem now is that a user is able to access a screen when he types the URL in the address bar.

I know I'm not the first one doing this, so there has to be some kind of standard practice. So if somebody knows any library or some way to do this, please let me know.

Thank you.

On BEST ANSWER

Disclaimer - I don't know how this would translate to Clojure as I have never used it.

Typically you decorate methods that respond to views with an authorization handler. This handler knows how to talk to your authentication backend. It takes the user identifier (which can be the userid/username, etc.) from the current context and queries the backend for the user's authorization for the requested view.

If it passes, the view is shown.

If it is rejected, then based on business rules (and security guidelines) actions are taken. These can be as simple as a friendly "Oops, you are not allowed here" to logging the action and then ending the user's session.

If your application has a limited set of endpoints (URLs) you can create a static map of endpoints to users and use this as your access control list (ACL). However, in most modern applications the ACL is controlled across a range of objects, and the endpoints (the URLs) are not restricted as these are dynamic. For example /inventory/product/1, /user/admin/3, etc.

Update:

This link provides a visual diagram for the decorator pattern.

Update 2:

The authorization library provides some helpers that would do the authorization checks ("is this user allowed to view"), but the implementation in the code is left up to the individual application.

Typically you would use one or more authentication libraries (like OAuth); but the authorization part is left up to your implementation.

A quick Google search led me to securing Clojure web applications with Sandbar, which should be more relevant to you.
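The pattern the answer describes (a decorator that consults the ACL before the view runs, a static endpoint-to-roles map for fixed URLs, and a per-object check for dynamic ones like /inventory/product/1) as an added example. This is illustrative code written for this page in Python rather than the asker's Clojure stack, and it is not Sandbar's or any other library's API; the users, roles, products and endpoint names are constructed sample data. The point it makes is that hiding a button changes only what the browser renders; the check that actually restricts the screen has to run on the server for every request, whether it came from a menu click or a typed URL.

```python
"""Added example: server-side screen authorization via a decorator."""
from __future__ import annotations

import logging
from dataclasses import dataclass
from functools import wraps
from typing import Callable, Optional

log = logging.getLogger("authz")


@dataclass(frozen=True)
class User:
    username: str
    roles: frozenset[str]
    teams: frozenset[str]


@dataclass(frozen=True)
class Request:
    path: str
    user: Optional[User]  # None means the session is not authenticated


class Unauthorized(Exception):
    """No authenticated user on the request (HTTP 401)."""


class Forbidden(Exception):
    """Authenticated, but not allowed to reach this view (HTTP 403)."""


# Static ACL: endpoint name -> roles permitted (constructed sample data).
# Endpoints missing from this map are denied for everyone (fail closed), so a
# newly added view is never reachable before someone decides who may use it.
ACL: dict[str, frozenset[str]] = {
    "inventory_list": frozenset({"staff", "admin"}),
    "product_detail": frozenset({"staff", "admin"}),
    "user_admin": frozenset({"admin"}),
}

# Constructed sample records for the object-level check on dynamic URLs.
PRODUCTS = {
    1: {"name": "widget", "team": "warehouse"},
    2: {"name": "gadget", "team": "lab"},
}


def requires_permission(endpoint: str,
                        object_check: Optional[Callable[..., bool]] = None):
    """Decorate a view so the ACL (and optional object check) runs first."""
    def decorator(view):
        @wraps(view)
        def wrapper(request: Request, *args, **kwargs):
            user = request.user
            if user is None:
                log.info("unauthenticated request to %s", request.path)
                raise Unauthorized(request.path)
            if not (user.roles & ACL.get(endpoint, frozenset())):
                log.warning("%s denied %s (roles=%s)", user.username,
                            request.path, sorted(user.roles))
                raise Forbidden(request.path)
            # Dynamic URLs: the role grants the screen, the object check
            # decides whether this particular record may be shown.
            if object_check is not None and not object_check(user, *args, **kwargs):
                log.warning("%s denied record at %s", user.username, request.path)
                raise Forbidden(request.path)
            return view(request, *args, **kwargs)
        return wrapper
    return decorator


def product_visible_to(user: User, product_id: int) -> bool:
    """Admins see every product; staff only products owned by their team."""
    product = PRODUCTS.get(product_id)
    if product is None:
        return False  # unknown id: deny rather than let the view raise
    return "admin" in user.roles or product["team"] in user.teams


@requires_permission("inventory_list")
def inventory_list(request: Request) -> str:
    return ", ".join(p["name"] for p in PRODUCTS.values())


@requires_permission("product_detail", object_check=product_visible_to)
def product_detail(request: Request, product_id: int) -> str:
    return PRODUCTS[product_id]["name"]


@requires_permission("user_admin")
def user_admin(request: Request) -> str:
    return "user admin screen"


def dispatch(view, request: Request, *args) -> tuple[int, str]:
    """Map the outcome to an HTTP status, as a framework's error handler would."""
    try:
        return 200, view(request, *args)
    except Unauthorized:
        return 401, "login required"
    except Forbidden:
        return 403, "you are not allowed here"


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    staff = User("alice", frozenset({"staff"}), frozenset({"warehouse"}))
    print(dispatch(product_detail, Request("/inventory/product/2", staff), 2))
```

The `dispatch` helper stands in for the framework's error handling: a missing session becomes 401, a failed ACL or object check becomes 403, and both are logged before the view body ever runs. Because the decorator is attached to the view function itself, there is no route a typed URL can reach that bypasses it.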