I have a fairly definitive answer on this. Buried in the "enhancements" section of the java 8 documentation.http://docs.oracle.com/javase/8/docs/technotes/guides/jweb/enhancements-8.html
RIA are not granted SocketPermissions beginning with JDK 8."
I Leave it to the reader to decide in what universe this is an enhancement.
So it appears that Oracle has decreed that sandboxed applets can't use sockets; they have to become all-permissions
applets, which have unrestricted access to the client's machine. It mystifies me how requiring users to trust applets with
unrestricted access will enhance security.