First of all, you're creating a file using a relative path: this *may* be what you want, but strikes me as a really bad idea. Deployment will also matter; this may fail if it's deployed as a war. And war or not, it may be completely deleted on a new deploy. Use an absolute path.
Second of all, this kind of code doesn't belong in a JSP. It belongs in a normal Java class.
Third of all, if it's a permissions issue, you'll need to have the permissions changed--nothing to be done about that from the Java side.