I have a requirement that one application will post the data to the other application simply by calling the JSP page on the target application. That we have done using HTTPUrlConnection. But the problem is any user from the target application also able to call the JSP page. Our requiremnt is it has to be used by the client application. So, How do we restrict the access to that particular JSP from the users?
That being said, there are things that you can do to make it more difficult for the casual user to get to your JSP with a browser.
Since you're using a custom client, you can set whatever custom headers you like. In the JSP, you can look for these headers and throw a 404 exception if they're not present. This wouldn't stop someone with a packet sniffer and a custom client (including FireFox with a plugin that allows the user to change/add fields and headers) but it would keep most of the honest people out.