Servlet Read/Write Permissions

 
Ranch Hand
Posts: 44
Is there a way to prevent servlets/JSP pages running in Tomcat from being able to open inputstreams to specified areas of the hard disk? For instance, right now my Tomcat can open an inputstream to any file on my PC. I only want it to be able to open inputstreams to a certain directory.
I was looking at the catalina.policy file but I can't seem to find any instruction if or how it can be done.
Jamin
 
Author and all-around good cowpoke
Posts: 13078
6
I have also been trying to figure out the details of specifying permissions. It looks to me like what you want is a FilePermission - see the java.io package.
It looks like it should be possible to grant permission for general IO to certain directories but I'm not clear on how to deny permission for the rest of the file system. If you locate a good tutorial on permissions, kindly post the URL.
Bill
 
William Brogden
Author and all-around good cowpoke
Posts: 13078
6
Ah - found Dick Baldwin's tutorial at this URL. It explains a lot and is helpful on the syntax. It appears that if you specify -security in the startup.bat and a SecurityManager is created, the default is that practically everything is denied.
Onward through the fog.
Bill
 
Jamin Williams
Ranch Hand
Posts: 44
Thanks!
Jamin
 
William Brogden
Author and all-around good cowpoke
Posts: 13078
6
More on Tomcat security. I found that Tomcat 5.0.19 won't run with the -security option IF you are using port 80. (I submitted a bug report.) However, the latest Tomcat 4.1.30 will, so that's where I am working now.
Also, it turns out that the downloadable docs for J2SDK actually have a section on formatting policy entries; it turns out to be in the docs/guide/security directory - I completely overlooked this in skimming the docs index.
As near as I can tell, file permissions have to give absolute paths and can't use the "url" style you see all over the place in catalina.policy. Also - on a Windows machine you MUST use \\ as a path separator due to the way that string is parsed.
Bill
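
The allow-list behaviour described in this thread, as an added example that is not part of the original posts: a `FilePermission` grant for one directory, checked against requests inside and outside it. The directory, the webapp name `myapp` and the class name are assumptions made for the illustration.

```java
import java.io.File;
import java.io.FilePermission;
import java.security.Permissions;

public class FilePermissionAllowList {
    // Constructed directory, built with the platform separator so the demo runs anywhere.
    static final String SEP = File.separator;
    static final String ALLOWED_DIR = SEP + "appdata" + SEP + "reports";

    // Mirrors a policy entry of this shape (hypothetical webapp and Windows path):
    //   grant codeBase "file:${catalina.home}/webapps/myapp/-" {
    //       permission java.io.FilePermission "C:\\appdata\\reports\\-", "read";
    //   };
    static Permissions webappGrants() {
        Permissions granted = new Permissions();
        // Trailing "-" covers every file below the directory, recursively;
        // a trailing "*" would cover only its direct children.
        granted.add(new FilePermission(ALLOWED_DIR + SEP + "-", "read"));
        return granted;
    }

    // There is no "deny" entry: a request passes only if some grant implies it.
    static boolean allowed(Permissions granted, String path, String actions) {
        return granted.implies(new FilePermission(path, actions));
    }

    public static void main(String[] args) {
        Permissions granted = webappGrants();
        String inside = ALLOWED_DIR + SEP + "2004" + SEP + "q1.txt";
        String outside = SEP + "secrets" + SEP + "passwords.txt";

        // Granted: the path is under the allowed directory and the action is "read".
        System.out.println("read inside:  " + allowed(granted, inside, "read"));
        // Not granted: same file, but "write" was never listed in the grant.
        System.out.println("write inside: " + allowed(granted, inside, "write"));
        // Not granted: no entry covers this path, so it is refused by default.
        System.out.println("read outside: " + allowed(granted, outside, "read"));
    }
}
```

The same `implies` check is what a SecurityManager applies to each file open, so restricting a webapp to one directory means granting only that directory rather than listing what to deny.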
 