Hi, I have written a web application which reads/writes into the server filesystem. I am using JBoss4.0SP1 and have successfully deployed the war. I found that while the web-pages which read the data in the deployment root of the war works, those that try to read/write outside the deployment root into some other absolute path doesn't work. General Tomcat has a server.policy file where you can define the security policies related to these IO operations but the tomcat that comes along with JBoss as an MBean doesn't seem to be having that file. Is there a way to define a custom security policy for tomcat MBean?