We need to provide similar capabilities as Java Script (XMLHttpRequest) for Java clients, as defined in the W3C CORS specification (Cross Origin Resource Sharing). This specification defines exactly which kinds of Http request can be made cross-origin without explicit permissions being granted. It also defines a procedure for clients to dynamically query servers for permission for other kinds of http request.