You should not need to mess with java.policy.
Recent Java Plug-In versions have introduced a Site Exception List (in the security tab of the control panel). If your Java Plug-In version has that, then you should add your Windchill server to that list.
Other than that and using a recent Java Plug-In version within the Java version (e.g. 6, 7, or 8) in question, there should be nothing for the *client* to do. Depending on the Windchill version and the target Java Plug-In version, the server administrator may need to apply a generic patch, though.
Also note back-support for more recent Java Plug-In versions, e.g. Java 8, does not extend back to all old Windchill versions but rather to specific version and MOR levels with specific generic patches applied.