Now, I wanna make sure that the client cannot skip a step( by using the recorded history in the browser), so for example when he arrives at the application(Step 1) cannot skip that step by putting the URL of the second step. If that happens that client will get a malformed form and an HTTP 500 will be produced.
|--Start-->Step 1: Entry point of the app, here I collect the basic info using a POST-->Step 2: Dependant of the info in the step 1, the user gets a new form and posts to the server-->Step 3: The server responds to the client based on the collected info.
So, when the user gets past Step 1, you will have some information available with you. Right? You can save this info in the session or in a database and when the user posts his data in Step 2, you can check if the data from Step 1 is available. If not, then the user has directly entered the link for Step 2. Same logic applies for Step 3.
Making the links to the components not visible to the client would very much solve my problem in a clean way
Assuming you a Controller
servlet, you can specify the component to be accessed as a hidden field and use POST always. When a request comes in to your controller, based on the value of the hidden field, you can redirect the request to the responsible handler. That way the user will see only the Controller name in the URL. (But if the user is smart enough to spoof cookies and headers, he can spoof hidden fields as well

) I think the better way would be ensure that Step 1 data is available when in Step 2 and Step 2 data is available when in Step 3.