Yes of course you can do it several ways
1. The simplest is to allow only POST on specified URL in web.xml using security constraint
<url-pattern>your URL pattern</url-pattern>
2. You can find out which HTTP method is called in your pages or servlets be calling HttpServletRequest.getMethod()
3. There is often used aproach to store application form and view jsp pages under WEB-INF directory- so pages can't be accessed directly- url is always hidden and only server side forwards are used, redirection to pages is not used. Application is more consisten, because there is no direct access to wiew or form pages- controller components are accessd first *.do sevlets so data validation and initialization is always guaranteed. This approach is even more secure.
You can combine all three methods in your app.
Hope this helps
Senior Engineer, Systinet
Phone: +420 272 019 539
eMail: jaroslav dot brazda at systinet dot com