This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
Servlet containers frequently run with a security manager, which creates a sandbox that prohibits the use of Runtime.exec, amongst other things. This is meant to protect web apps from one another, and the server as a whole from an errant or malicious web app. If you have control over the server, check its startup scripts for security manager related settings (for Tomcat, the "-security" switch in the catalina.sh script).