So let's get this straight.
You want to SSH to a host from {something browser initiated} but the {something} needs to be server-based 'cos if the SSH session originates from the client IP address then the firewall blocks it, hence you can't use a stand-alone or applet based SSH client 'cos they'll all actually run on the client machine.
Sounds like you need an SSH client that will run on the web server itself, hence you can permit SSH from the IP address of the web server whilst denying all others.
My thoughts are:
Have a look for something servlet-based rather than applet.
Run telnetd/SSHd on the web-server. SSH->{svr1 SSH->{svr2}}
I had a quick google and it looks like
http://www.ericdaugherty.com/dev/sshwebproxy/ will do the job you want