Generally speaking application servers will use a single or low number of database users, by context. That is, you may have a single application user named 'app' with CRUD permissions on all of the application tables. This enables connection pooling. If there are audit requirements, they can be built into the application, which is a trusted party in this mode of operation.
If that's not sufficient, then any connection pooling framework, ORM or otherwise, may not be indicated. Generally speaking only internal applications require this level of scrutiny, and a public-facing ecommerce site (or extranet situation) won't need it.
Note that Oracle has a means of operation that enables tagging of connections with audit information passed through from the application. This is another option if your RDBMS supports it.
If that's not sufficient, then any connection pooling framework, ORM or otherwise, may not be indicated. Generally speaking only internal applications require this level of scrutiny, and a public-facing ecommerce site (or extranet situation) won't need it.
Note that Oracle has a means of operation that enables tagging of connections with audit information passed through from the application. This is another option if your RDBMS supports it.