One of the nice features in XP SP2 Firewall is that when an application tries to access the network, it opens a dialog asking if the application should be granted network access and remembers the choice user makes. This is great for normal applications. Unfortunately, Java applications all fall under the hosting application name (java.exe and javaw.exe) so network access can not be given to some Java applications and not others.
Unless Java applications start running with Security Manager enabled and the Security Manager is better integrated with the host platform firewall such as XP SP2 Firewall, I fear IT Administrators will start cracking down on Java applications. Until that happens, I think popular Java applications will have to be cocooned inside a thin native application wrapper to give each application a unique process signature.
Note that .NET applications don't have this problem.