For security reasons, no web server is ever allowed to browse a client computer's filesystem. Nor, for that matter, is a client computer allowed to browse the server's filesystem, except to the extent that the web application permits.
The file upload function that the inputFile tag supports instructs the client's web browser to open a local dialog box in order to select a file for uploading. The actual file data transfer is done by the browser using special form properties (MIME encoding). The server knows how to handle this data format (if it was properly configured), but the client is completely and totally responsible for everything else.
Anything beyond that would require client-side signed code in a special JavaScript or
Java Applet.