diff --git a/jetty-policy/src/main/config/lib/policy/jetty.policy b/jetty-policy/src/main/config/lib/policy/jetty.policy
index e103cd4a06b..98d332ec5d2 100644
--- a/jetty-policy/src/main/config/lib/policy/jetty.policy
+++ b/jetty-policy/src/main/config/lib/policy/jetty.policy
@@ -183,19 +183,19 @@ grant codeBase "file:${jetty.home}/work/-" {
 //
 //
 grant { 
+   permission java.io.FilePermission "${jetty.home}${/}lib${/}policy${/}-", "read";
+
    // allows anyone to listen on un-privileged ports
    permission java.net.SocketPermission "localhost:1024-", "listen";
-   permission java.net.SocketPermission "localhost:1024-", "accept";
-   
-   permission java.util.PropertyPermission "entityExpansionLimit", "read";
-   permission java.util.PropertyPermission "maxOccurLimit", "read";
-   permission java.util.PropertyPermission "elementAttributeLimit", "read";
-   permission java.lang.RuntimePermission "shutdownHooks";
-  
+   permission java.net.SocketPermission "localhost:1024-", "accept"; 
 
+   permission java.security.SecurityPermission "putProviderProperty.SunJCE";
    permission java.util.PropertyPermission "org.eclipse.jetty.io.nio.JVMBUG_THRESHHOLD", "read, write";
 
    // "standard" properties that can be read by anyone
+   permission java.util.PropertyPermission "entityExpansionLimit", "read";
+   permission java.util.PropertyPermission "elementAttributeLimit", "read";
+   permission java.util.PropertyPermission "maxOccurLimit", "read";
    permission java.util.PropertyPermission "java.version", "read";
    permission java.util.PropertyPermission "java.vendor", "read";
    permission java.util.PropertyPermission "java.vendor.url", "read";
@@ -211,13 +211,16 @@ grant {
    permission java.util.PropertyPermission "java.specification.version", "read";
    permission java.util.PropertyPermission "java.specification.vendor", "read";
    permission java.util.PropertyPermission "java.specification.name", "read";
-
+ 
    permission java.util.PropertyPermission "java.vm.specification.version", "read";
    permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
    permission java.util.PropertyPermission "java.vm.specification.name", "read";
    permission java.util.PropertyPermission "java.vm.version", "read";
    permission java.util.PropertyPermission "java.vm.vendor", "read";
    permission java.util.PropertyPermission "java.vm.name", "read";
+
+   // TEST WEBAPP PERMISSIONS
+   permission java.util.PropertyPermission "user.dir", "read";  
 };
 
 
diff --git a/test-jetty-webapp/src/main/java/com/acme/SecureModeServlet.java b/test-jetty-webapp/src/main/java/com/acme/SecureModeServlet.java
index d08b9be42f8..314e9261037 100644
--- a/test-jetty-webapp/src/main/java/com/acme/SecureModeServlet.java
+++ b/test-jetty-webapp/src/main/java/com/acme/SecureModeServlet.java
@@ -12,6 +12,8 @@
 // ========================================================================
 
 package com.acme;
+
+import java.io.File;
 import java.io.IOException;
 import java.io.PrintStream;
 
@@ -53,6 +55,75 @@ public class SecureModeServlet extends HttpServlet implements SingleThreadModel
         ServletOutputStream out = response.getOutputStream();
         out.println("<html>");
         out.println("  <title>Secure Jetty Test Webapp</title>");
+
+        try
+        {
+        runPropertyChecks(out);
+
+        runFileSystemChecks(out);
+        }
+        catch (Exception e)
+        {
+            e.printStackTrace(new PrintStream(out));
+        }
+        out.println("</html>");
+        out.flush();
+
+        try
+        {
+            Thread.sleep(200);
+        }
+        catch (InterruptedException e)
+        {
+            getServletContext().log("exception",e);
+        }
+    }
+
+    private void runFileSystemChecks(ServletOutputStream out) throws Exception
+    {
+        out.println("    <h1>Checking File System</h1>");
+
+        /*
+         * test the reading and writing of a read only permission
+         */
+        out.println("    <h3>Declared Read Access - $jetty.home/lib</h3>");
+        out.println("      <p>");
+
+        String userDir = System.getProperty("user.dir");
+        try
+        {
+            out.println("check read for $jetty.home/lib/policy/jetty.policy <br/>");
+
+            File jettyHomeFile = new File(userDir + File.separator + "lib" + File.separator + "policy" + File.separator + "jetty.policy");
+            jettyHomeFile.canRead();
+            out.println("status: <b>SUCCESS - expected</b><br/>");
+        }
+        catch (SecurityException e)
+        {
+            out.println("status: <b>FAILURE - unexpected</b><br/>");
+            out.println("<table><tr><td>");
+            e.printStackTrace(new PrintStream(out));
+            out.println("</td></tr></table>");
+        }
+        try
+        {
+            out.println("check write permission for $jetty.home/lib/policy/test.tmpfile<br/>");
+
+            File jettyHomeFile = new File(userDir + File.separator + "lib" + File.separator + "policy" + File.separator + "jetty.policy");
+            jettyHomeFile.canWrite();
+            out.println("status: <b>SUCCESS - unexpected</b><br/>");
+        }
+        catch (SecurityException e)
+        {
+            out.println("status: <b>FAILURE - expected</b><br/>");
+        }
+
+        out.println("      </p><br/><br/>");
+    }
+
+    private void runPropertyChecks(ServletOutputStream out) throws IOException
+    {
+
         out.println("    <h1>Checking Properties</h1>");
 
         /*
@@ -150,20 +221,7 @@ public class SecureModeServlet extends HttpServlet implements SingleThreadModel
         }
 
         out.println("      </p><br/><br/>");
-        out.println("</html>");
-        out.flush();
-        
-        try
-        {
-            Thread.sleep(200);
-        }
-        catch (InterruptedException e)
-        {
-            getServletContext().log("exception",e);
-        }
     }
-
-    
  
     
 }