With a monitoring tool of java , i saw that there is a method
void org.jboss.web.tomcat.security.SecurityAssociationValve.invoke()