No. In fact, some of the most successful security exploits on the Internet have been accomplished because a person (or program) can throw any text it likes at your server.
If you have deep-content pages interesting enough to bookmark,
you should welcome the user, not thwart him/her. You can't control people's browers anyway. The best you can do anyway is synthesize temporary URIs that become meaningless when used at a later time.
I understand that you may need some context, however. Where possible, I recommend using wrapper services so as to minimize the manual maintenance of this aspect. That is, use container-based authorization rather than coded-in login logic, filters to detect lack of defined resources and create them (or redirect to a page where they can be created) and so forth.
As a last resort, custom
JSP tags/servlet frontend logic can be used, but the first time you forget to include one on a newly created page, you've blown a hole in your system.
The secret of how to be miserable is to constantly expect things are going to happen the way that they are "supposed" to happen.
You can have faith, which carries the understanding that you may be disappointed. Then there's being a willfully-blind idiot, which virtually guarantees it.