Based on the code sample in : http://vulncat.fortifysoftware.com/1/RI.html, I would suggest :

----------------------------------------------

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
 
public class ResourceInjection extends HttpServlet
{
    public void doGet(HttpServletRequest req, HttpServletResponse res)
        throws ServletException, IOException
    {
        res.setContentType("text/html");
        ServletOutputStream out = res.getOutputStream();
        out.println("<HTML><HEAD><TITLE>Test</TITLE></HEAD><BODY><blockquote><pre>");
 
                String fname = req.getParameter("fname");
                String msg = req.getParameter("msg");
                if(fname != null) {
                        try {
                                File rFile = new File("/usr/local/apfr/reports/" + fName);
				if(msg.compareTo("delete")==0)	{
                                	rFile.delete();
				}
                        } catch(Exception e) {
                                out.println("error reading from that file name");  
                        }
                } else {
                        out.println("specify a file name");
                }
 
        out.println("</pre></blockquote></BODY></HTML>");
        out.close();
    }
}
----------------------------------------------

The description is incorrect. It should read : "Allowing user input to control resource identifiers may enable an attacker to access or modify otherwise protected system resources (from the Fortify Taxonomy vulncat.fortifysoftware.com)". In this case the file path can be controlled by a malicious user to access other files.

The tainted data should be coming from an http request and not from a command line.