Java client/server configuration and security across domains

I'm trying to set up an application server to run a simple website and a Java client application that needs to communicate back to a Java server.

What I'd like to do is the following:

• Website/web application server at http://www.mydomain.com
• Applet and/or Java Web Start jar at http://files.mydomain.co开发者_如何学Pythonm
• Server listening on some port at http://server.mydomain.com
• Use unsigned Java files (in order to minimise barriers to users!)

Will this work given the Java security model? Or is there a better design?

better way is to manage your configuration under only one domain

* Website/web application server at http://www.mydomain.com
* Applet and/or Java Web Start jar at http://www.mydomain.com/files
* Server listening on some port at http://www.mydomain.server.com

You can use method of authentication for file access

For your Applet to be able to communicate to anywhere else than where it was downloaded from you are going to need to sign it, or forward any requests from it from where it was sent from.