Signed applet loads signed jar-files using URLClassLoader with security issue

Question

I have a signed applet. To implement some plugin architecture I download and store to disk a JAR file with specific classes.

Then I load these classes with URL

Answer 1

Use an appropriate subclass of java.security.SecureClassLoader to assign an appropriate ProtectionDomain to the loaded classes. Of course, making sure that these classes are to be trusted by some mechanism (e.g. signed with a certificate you trust for such purposes).