Tims right, you wont be able to create classloaders on the client as those are restriced by the webstart security. If you sign the JBM client jar it will allow you more permissions on the client. remember for each set of signed jars you'll need a different jnlp file.
If you have upgraded to the newest remoting 2.2.2.SP2 which includes JBREM-811(http://jira.jboss.com/jira/browse/JBREM-811) you can do any of the following.
1. When your code starts up(before using JBM) set the Security manager to null.
System.setSecurityManager( null )
2. Define your own policy file that adds java.security.AllPermissions to *everything*(all code bases).
http://lopica.sourceforge.net/faq.html#customcl
3. grant codeBase "file:.../jboss-remoting.jar"
{
permission java.lang.RuntimePermission "createClassLoader";
}
Jay:)