Java applets running within a Web browser are restricted in several ways for security reasons. The term used to describe these restrictions is "sandboxing". These restrictions include not allowing applets to call into native code or to call Java classes which can not be verified by the Java bytecode verifier.
The ability to call into arbitrary COM objects, locally or remotely, from Java is clearly "calling native code" and thus is disabled for applets. However, through secure digital signatures, applets can be verified as coming from a trusted source, if an applet is digitally signed, it can make COM calls.
Note that these rules apply only to Java applets, not Java applications or other non-downloadable Java components.