Hi all. I'm trying to test an application on SUN's 1.3 J2EE RI that uses the multipartrequest servlet to upload a file, but the security manager is issuing java.io.file permission exceptions. How do I change the policy file to limit the scope of permissions to this application. I'm fairly new to security so I'm not quite sure how to specify the code base on the grant and what to use (i.e., the URL?). I have the same problem when using a struts version of this app. I tried various combinations of: file://theWebPackage/* & also /- or http://theHost/theContextRoot/* etc. but the only thing that works is granting default domain permission for read, write and delete, which I obviously don't want to do.