Thanks a lot for the reply Ulf

.
I looked into the code, but found some methods are deprecated now, and I couldn't find an alternative way to get the code working without those methods (JavaDoc says to use checkPermission but I couldn't find out how that could be helpful to find which classloader loaded the class).
Finally, I got it working using policy files.
Here's what I did:
In my ClassLoader, I used the "http://my.remote.loaded.code.base" as the CodeSource when I defined my classes.
Code Base "file:/-" matches with rest of the classes, which are loaded from the file system.
So this way, I got my remote code running in a sandbox.
[ August 01, 2008: Message edited by: Yohan Liyanage ]