I am working on an internal web application using java/javaScript/jsp/html. When a user logs in they are validated against our database and given a list of available links on their home page.

When they click on a link or if they try to type an address I would like to validate that against their userLinks session object.

I have tried a jsp:include, but that didn't work. I tried making a form on the home page with method="post" and action="validRequestCheck.jsp" and that didn't work either.

If more info is needed, please let me know. Thank you!

You should be able to do it in a JSP (what does JSP include didn't work mean? It didn't work out as you thought, or it didn't compile, or...)
However I feel that it would be more appropiate to do this checking in a servlet and forward the requests to the JSPs...

After discussing it some more at work, I would like to modify my original question to this.....

Is there a way to tell if 1.) the user clicked on a link or 2.) typed an address into the address bar in order to request a page? If there is, that will be how we "validate". The user is given their available links from the database. We want to stop them from typing in the address bar, even if it is the correct address.

Sorry for my confusion.....

First of all, I don't think that this is the right way to do it, because from an HTTP get/post request it can not be determined, if a link was clicked, or the address was typed into the address bar.
However depending on hte environment and what control you have on your users, some things can be done.
You can open a browser window for them, that doesn't have an address bar (but they can get the url from it, and paste it into another window if they are smart enough).
It is possible, to add javascript events to links, so if they are clicked, the url is modified a bit, or a parameter is added to it programatically (again, this can be intercepted), and if javascript is disabled the normal url is activated.
Etc.
Anyway, the main problem is that you have to provide information from the client side to be able to decide at the server side what happened, however on the client side things can be modified/hacked by the client (more or less easily, depending on their knowledge).

Thank you very much for your help. The way we have it right now using frames (temporarily) and the address never changes. I am hoping this will be enough to deter the users from typing into the address bar. You told me what I really wanted to know:

"because from an HTTP get/post request it can not be determined, if a link was clicked, or the address was typed into the address bar."

Again, thank you. Have a nice weekend!

Your are welcome.