---
title: Restricting access with plugins
description: The UnboundID Server SDK provides support for creating a wide range of extensions that can be configured to run in the server. One of the available extension types is Plugin, which can be used to invoke custom code at various points in server processing.
component: pingdirectory
version: 11.0
page_id: pingdirectory:pingdirectory_security_guide:pd_sec_restrict_access_plugins
canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/pingdirectory_security_guide/pd_sec_restrict_access_plugins.html
revdate: September 13, 2023
---

# Restricting access with plugins

The UnboundID Server SDK provides support for creating a wide range of extensions that can be configured to run in the server. One of the available extension types is `Plugin`, which can be used to invoke custom code at various points in server processing.

If a custom plugin is configured in the server with a `postconnect` plugin type, then its `doPostConnect` method is invoked for any new connection that is established. This method can examine information that the server has about the client connection, and if it determines that the connection should not be allowed, then it can terminate the connection.

Plugins can also intercept operation requests and responses to invoke custom processing for them. If a client requests an operation that a plugin decides should not be allowed, then the plugin can reject the operation or terminate the connection.