Re: URGENT: Tomcat 7 Aliases

[Victor Rodriguez]

Thanks Chris!  I now get "Document base
/dg/local/cots/tomcat/tomcat_8082/webapps/xyz does not exist or is not a
readable directory"

On Thu, Dec 8, 2016 at 2:50 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Victor,
>
> On 12/8/16 4:59 PM, Victor Rodriguez wrote:
> > THANKS IN ADVANCE FOR YOUR HELP!  (not yelling, just emphasizing!)
> >
> > I have abc.war and I want both /abc and /xyz to work for it.  I've
> > tried adding aliases="/abc=abc.war,/xyz=abc.war" and
> > aliases="/abc=abc,/xyz=abc" but neither of those worked.  This is
> > how my original context.xml looked like.
> >
> >   
> > WEB-INF/web.xml   > pathname="" />
> >
> >  
> >
> > 
> >
>
> Tomcat 7 aliases are intended to map URLs within a single web
> application. You can't use it to duplicate the web application on two
> base paths.
>
> Here's what you need to do:
>
> 1. Put your WAR file in webapps/abc.war. This will deploy as usual.
>
> 2. Copy webapps/abc.war/META-INF/context.xml into
> conf/Catalina/localhost/xyz.xml and modify the  element like
> this:
>
>   
>...
>   
>
> Hope that helps,
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJYSeO/AAoJEBzwKT+lPKRYBkIQAKiBaS7HNJrBfROGNu1pif1d
> ZPW1pyqXOp879TX9IjhViu8oSMQS1vymG4DrHscRUMlkdNuny+NHKecxKMv1La5i
> DtQOt2Hax26QizANh+cp9QHaJejdMpNM3mc4ySYfqi5bL4m3MlO7D+NycFT321/q
> mfKtDmH596B8TJRchoPjLCOl2jjPfvHSf2c1BVnztIOXXY/X4PwZfNiLv1uZDGnn
> pqK77m6TAiiMjV9lrn2DX7i3wZi1tiG13PoF16CYubmTNixbmZ45gO3dr+VmH+h2
> Q1hlN+MMghpbQ0Ukg1EYldA21ct31OjyG3ipinSHgTPygKV/ZvEIM3Zh67iU0bUn
> xOkiQ3G6nACSRP+0+9qFqnSGN283RQKC1eS6/ZnpG+YLOtNbh60+gLyOQk4O9/pw
> ZBabh7gOCjozHFmuDgcgec/Ql2kFS86fDBTX1QdjrhTdm/rH4rEAYShbL168gCC0
> vt+kjqR2QPJPkpxeuYiPTdoAI7eOLX1M4JfStF9Dmce5291262t2PJdBYJjulfVS
> cXVRjWgPCAiluBcyF2LME5E+jKEGeMtmBbK2+S8UVIXDS0MvKWLDln5PW8MAfWWr
> xfSFTBqNOKVtEuz22KpYkbljfXrLxn2uY6TKTjQnwddpH4t1TP0qSpnxCe38j3WT
> 3j37VFuqdMGl0f54yk12
> =hk95
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


-- 
Sent from neither my iPhone nor my iPad.

Re: URGENT: Tomcat 7 Aliases

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Victor,

On 12/8/16 4:59 PM, Victor Rodriguez wrote:
> THANKS IN ADVANCE FOR YOUR HELP!  (not yelling, just emphasizing!)
> 
> I have abc.war and I want both /abc and /xyz to work for it.  I've
> tried adding aliases="/abc=abc.war,/xyz=abc.war" and
> aliases="/abc=abc,/xyz=abc" but neither of those worked.  This is
> how my original context.xml looked like.
> 
>
> WEB-INF/web.xml   pathname="" />
> 
>  
> 
> 
> 

Tomcat 7 aliases are intended to map URLs within a single web
application. You can't use it to duplicate the web application on two
base paths.

Here's what you need to do:

1. Put your WAR file in webapps/abc.war. This will deploy as usual.

2. Copy webapps/abc.war/META-INF/context.xml into
conf/Catalina/localhost/xyz.xml and modify the  element like
this:

  
   ...
  

Hope that helps,
- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJYSeO/AAoJEBzwKT+lPKRYBkIQAKiBaS7HNJrBfROGNu1pif1d
ZPW1pyqXOp879TX9IjhViu8oSMQS1vymG4DrHscRUMlkdNuny+NHKecxKMv1La5i
DtQOt2Hax26QizANh+cp9QHaJejdMpNM3mc4ySYfqi5bL4m3MlO7D+NycFT321/q
mfKtDmH596B8TJRchoPjLCOl2jjPfvHSf2c1BVnztIOXXY/X4PwZfNiLv1uZDGnn
pqK77m6TAiiMjV9lrn2DX7i3wZi1tiG13PoF16CYubmTNixbmZ45gO3dr+VmH+h2
Q1hlN+MMghpbQ0Ukg1EYldA21ct31OjyG3ipinSHgTPygKV/ZvEIM3Zh67iU0bUn
xOkiQ3G6nACSRP+0+9qFqnSGN283RQKC1eS6/ZnpG+YLOtNbh60+gLyOQk4O9/pw
ZBabh7gOCjozHFmuDgcgec/Ql2kFS86fDBTX1QdjrhTdm/rH4rEAYShbL168gCC0
vt+kjqR2QPJPkpxeuYiPTdoAI7eOLX1M4JfStF9Dmce5291262t2PJdBYJjulfVS
cXVRjWgPCAiluBcyF2LME5E+jKEGeMtmBbK2+S8UVIXDS0MvKWLDln5PW8MAfWWr
xfSFTBqNOKVtEuz22KpYkbljfXrLxn2uY6TKTjQnwddpH4t1TP0qSpnxCe38j3WT
3j37VFuqdMGl0f54yk12
=hk95
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

URGENT: Tomcat 7 Aliases

[Victor Rodriguez]

THANKS IN ADVANCE FOR YOUR HELP!  (not yelling, just emphasizing!)

I have abc.war and I want both /abc and /xyz to work for it.  I've tried
adding aliases="/abc=abc.war,/xyz=abc.war" and aliases="/abc=abc,/xyz=abc"
but neither of those worked.  This is how my original context.xml looked
like.




WEB-INF/web.xml
   

Re: Two Way SSL - SSL Offloading at load balancer

[tomcat]

On 02.12.2016 13:27, Bipin Jethwani wrote:

We use Spring security and want to use Two Way SSL for a few Jersey based
REST APIs exposed for mobile devices. SSL is offloaded at load-balancer or
apache level.

Can we still get access to client certificate at web app level?

On second thought we can live without having access to client cert but can
we have load-balancer or apache configured to request for client cert only
for a specific urls?


On second thought, and after checking the Apache httpd configuration directives, you may 
want to look at this :

http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslverifyclient

It seems that, contrary to most SSL-oriented directives, this one /can/ be used at the 
"directory" level (which means also in a  section).


So you could specify it only for some URLs, at the Apache httpd front-end level.



Is there a standard for this?

-Bipin



Hi.

If indeed "SSL is offloaded at load-balancer or apache level", isn't this more a question 
for the respective user's list of these products, rather than for the Tomcat user's list ?


If you do need some SSL information at the Tomcat back-end level, and if between your 
Apache httpd front-end, and the Tomcat back-ends, the proxy/balancer module which you are 
using is mod_jk, then you will find most pertinent information about passing SSL data from 
the front-end to the back-end Tomcat (even if you "terminate" the SSL at the httpd level), 
here :

http://tomcat.apache.org/connectors-doc/reference/apache.html



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

AW: UNC access to an tomcat webdav server

[Arno Schäfer]

> In the "any hints" category :
> - in Windows (disk) Explorer, go to "Netzwerkumgebung"
> - select "Netzwerkumgebung hinzufügen"
> - click "Weiter" (2 X)
> - in "Internet- oder Netzwerkadresse", enter your 
> "https://webserver:port/webdav;
>and click "Weiter". Depending on how you set this up in your webserver, 
> you may have to login.
> When you are done, you should have a new link under "Netzwerkumgebung", 
> without a drive letter. Under that link, > what appears is the content of the 
> webserver's DAV directories. 
> You can then drag/drop files to/from there, using Windows Explorer.

Yes, thank you very much, that is exactly what I looked and searched for. In 
the properties of the link I see also the
resulting UNC path. I have never recognized this content in the context menu of 
the 'computer'. It seem s also not
possible to get this result with the 'net use' command.

Best regards
Arno

Re: UNC access to an tomcat webdav server

[tomcat]

On 08.12.2016 14:31, Arno Schäfer wrote:

I have configured a tomcat (7.0.54) webdav server and try to access via a 
windows UNC path.
If I run WebDAV in an IIS environment I can access this server automaticly from 
all clients
via an UNC path like '\\webserver[@port]\webdav\' if the server side mapping is
'https://webserver[:port]/webdav'. For this I have done nothing. (Windows >= 
version 7)

So it is possible to use this dynamicly in every client website, where I need 
it. What is to do
to get this also on the tomcat server? Is it done with some kind of server 
configuration or is
it a client side action.

Til now I mapped the webdav address to a windows drive letter, but this I want 
to avoid.


(and you should not need to do that)


Any hints are welcome :-)



In the "any hints" category :
- in Windows (disk) Explorer, go to "Netzwerkumgebung"
- select "Netzwerkumgebung hinzufügen"
- click "Weiter" (2 X)
- in "Internet- oder Netzwerkadresse", enter your 
"https://webserver:port/webdav;
  and click "Weiter". Depending on how you set this up in your webserver, you may have to 
login.


When you are done, you should have a new link under "Netzwerkumgebung", without a drive 
letter. Under that link, what appears is the content of the webserver's DAV directories. 
You can then drag/drop files to/from there, using Windows Explorer.


Is that what you mean by your (relatively obscure) question ?

(Web)DAV is a HTTP "sub-protocol" (or "extension").  Any accesses to a DAV resource are 
via HTTP commands.
Possibly, Windows and IIS allows you to also access an IIS-based DAV server, via a UNC 
kind of address, and make the translation automatically. But that would then be 
Windows-specific.


Note: the Windows client-side implementation of DAV is full of non-standard 
particularities and caveats.  Do not be surprised if you encounter some issues with this, 
and search Google and/or the Tomcat list archives for more information.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

UNC access to an tomcat webdav server

[Arno Schäfer]

I have configured a tomcat (7.0.54) webdav server and try to access via a 
windows UNC path.
If I run WebDAV in an IIS environment I can access this server automaticly from 
all clients
via an UNC path like '\\webserver[@port]\webdav\' if the server side mapping is
'https://webserver[:port]/webdav'. For this I have done nothing. (Windows >= 
version 7)

So it is possible to use this dynamicly in every client website, where I need 
it. What is to do
to get this also on the tomcat server? Is it done with some kind of server 
configuration or is
it a client side action.

Til now I mapped the webdav address to a windows drive letter, but this I want 
to avoid.

Any hints are welcome :-)

Thanks
Arno
_

Vorsitzender des Aufsichtsrats: David Bellin
Vorstand: Diederik Vos (CEO) │ Ralph Gillessen (COO) │ René Gawron (CFO)
Martin Hodgson (Executive Director Management Consulting)
SQS AG │ Stollwerckstraße 11 │ 51149 Köln
Sitz der Gesellschaft: Köln │ Amtsgericht Köln, HRB 12764

This e-mail may contain confidential and/or privileged information. If you are 
not the intended recipient
(or have received this e-mail in error) please notify the sender immediately 
and destroy this e-mail.
Any unauthorised copying, disclosure or distribution of the material in this 
e-mail is strictly forbidden.

Re: Tomcat Realm/LDAP - userRoles and Organization Unit name for authenticated users

[tomcat]

On 05.12.2016 18:25, Taylor, Larry wrote:

Hi Felix

If isUserinRole  has information to make determination to different component 
accesses in the application that would be sufficient - although,  what I  
really need to know is what department or Organizational unit they belong to 
after authentication in order to give them specific page component accesses.

Any help on this is appreciated.



In the "any help" category :

I believe that there are 2 distinct aspects involved, which are somewhat mixed 
up here :
- the user authentication itself
- the gathering of additional information about a user (authenticated and 
current, or not)

and that it may be better, from the start, to distinguish them, if only for future 
portability reasons.


Many user authentication schemes will only tell you whether yes or no the current user is 
authenticated, given the credentials supplied.  This may happen, in the background, via 
some scheme which allows a server (given the *server* credentials), to verify with some 
back-end authority, that the current webapp user credentials check out.
In the big scheme of things, there is nothing however that says that additional user 
information (such as "groups" or "organisational unit" or "email address" or even name or 
whatever) can be obtained via the same scheme, or using the same "server credentials". (*)


The concept of tomcat "roles" also does not necessarily match the concept of "user 
groups". The fact that for some authentication schemes, the "isUserInRole" call would 
return yes/no if the user is/is not in some "user group" is also a kind of convenience, 
rather than something really solid and portable.


What I am saying thus, is that rather than looking for something wich can provide this 
additional information right within the authentication part of the request cycle, maybe 
you should look at doing this in two separate steps, such as :

- let the authentication verify the credentials and return an authenticated 
user-id
- then later, in a separate "request filter", use this authenticated user-id to access the 
back-end database system of your choice, to retrieve any additional user information which 
you require, and add it as some session attribute. (The case where both the authentication 
and the user data retrieval would use the same back-end, being then merely a coincidence).


That would be much more portable if ever the authentication method  (or the source of the 
additional user information) would change in the future.


As someone else regularly says here, "just my 2 cent".


(*) What I mean precisely here, is that the "server credentials" which the authentication 
scheme uses to verify that a user is authenticated, may not allow the same server to get 
any additional information about that user, even with the same back-end "user database" 
system. The first may need only some "computer account", while the second may need some 
"admin account" e.g. It may be messy to try to do this in the same bit of code.







-Original Message-
From: Felix Schumacher [mailto:felix.schumac...@internetallee.de]
Sent: Sunday, December 04, 2016 2:17 AM
To: users@tomcat.apache.org
Subject: Re: Tomcat Realm/LDAP - userRoles and Organization Unit name for 
authenticated users

Am 04.12.2016 um 08:04 schrieb Taylor, Larry:

Hello,

For  Users that have authenticated  from the Web Login page through Tomcat 
Realm LDAP configuration is it possible to get the authenticated user's 
ou=Organizational Unit or Department name?   and also what their role names 
are?   I need this information to pass to a servlet or jsp page.

I saw documentation about the java.security.Principal class but could not find 
any documentation or examples on how to get this type of information after 
users are authenticated.

I am able to get the username with  ${pageContext.request.userPrincipal.name} & 
 request.getRemoteUser(); but nothing about how to get the user's member 
affiliations and roles.

The standard way to get the roles is to iterate over your expected roles and 
ask for request.isUserInRole(role). The servlet spec has no API to get directly 
a list of roles.

If you are willing to bind yourself to the implementation of JNDIRealm you 
could get the list of roles. But I don't recommend it, as that implementation 
is not guaranteed to stay stable.

Do you really need to get the list, or is isUserInRole enough?

Regards,
   Felix


Any information or pointers on this is appreciated.



Larry Taylor





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Migration to Tomcat 8.0 Post/PreResources vs VirtualWebappLoader with optional resources

[Mark Thomas]

On 07/12/2016 09:01, Berg, R. van den (Robin) wrote:
> Hello!
> I have an issue that seems not supported anymore with Tomcat 8.
> The same problem is also posted in the comments on: 
> https://tomcat.apache.org/tomcat-8.0-doc/config/resources.html
> 
> PROBLEM:
> We used the virtualWebAppLoader to get some extra libraries and classes that 
> were on the machine on the classloader.
> The virtualClasspath-property of the virtualWebAppLoader was a ';'-seperated 
> list of directories. If one of them was empty, that was not a problem.
> We used the fact that non-existing/empty directories were not loaded, without 
> any exception. MQ were imported on
> Test-acceptance-production. However, in a local/dev-setup we do not provide 
> these libraries, since MQ-services are stubbed out.
> 
> We used the {Jar|File|Dir}ResourceSet in the context.xml as replacement for 
> the virtualWebAppLoader, as recommended by the migration guide.
> However, these fail when the base-property is non-existent. Therefore, it 
> breaks dev/local.
> 
> In the comments in 
> https://tomcat.apache.org/tomcat-8.0-doc/config/resources.html a solution was 
> posted to extend the {Jar|File|Dir}ResourceSet.
> However, that solution won't work for us, since we can't provide the 
> tomcat-instances on test-acc-prd with an extra class/library with the 
> extended class. (access-rights/cloud-solution only allows default setup).

Can you not simply create an empty directory in the right place for
dev/local ?

Mark

> 
> PREFERRRED SOLUTION:
> Just like the tomcat 7  virtualWebAppLoader we would like the ResourceSet to 
> be optional/non-failing if the resource is not available. Is there any 
> configuration/property I can use to do that?
> 
> Thanks,
> Kind Regards,
> 
> 
> ATTENTION:
> The information in this e-mail is confidential and only meant for the 
> intended recipient. If you are not the intended recipient, don't use or 
> disclose it in any way. Please let the sender know and delete the message 
> immediately.
> --
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Is there a class or way in Tomcat to write org.apache.catalina.authenticator messages to a different logfile

[Mark Thomas]

On 08/12/2016 00:31, Taylor, Larry wrote:
> 
> Hello,
> 
> Is there a class or way in Tomcat to write org.apache.catalina.authenticator 
> messages to a different logfile?
> 
> I'm using Tomcat 8.0.9 - I have logging turned on for the realm 
> authentication but i cannot get authentication messages to write to a 
> different log prefix file other than catalalina.out.
> 
> Is there a way to do this and keep the normal server messages writing to 
> catalina.out?
>  In conf/logging.properties - this writes fine to catalina.out
>  
> # Handler specific properties.
>   # Describes specific configuration info for Handlers .
>   
>org.apache.catalina.realm.level = FINE
>org.apache.catalina.realm.useParentHandlers = true
>org.apache.catalina.authenticator.level = FINE
>org.apache.catalina.authenticator.useParentHandlers = true
> 
> 
> I did not see any org.apache.catalina.authenticator.juli.AsyncFileHandler 
> classes to do this -
>  I need somthing like: 
>  org.apache.catalina.authenticator.juli.AsyncFileHandler.prefix = 
> authuser.
> 
> 
> thanks for any information on how to configure this.

The following patch applied to a default Tomcat logging configuration
should do what you want:

http://home.apache.org/~markt/dev/auth-logging.path

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat listener not coming up - no stuck threads

[Mark Thomas]

On 07/12/2016 15:21, Christopher Schultz wrote:
> John,
> 
> On 12/7/16 7:19 AM, John D. Ament wrote:
>> On Wed, Dec 7, 2016 at 3:58 AM Mark Thomas 
>> wrote:
> 
>>> On 06/12/2016 02:59, John D. Ament wrote:
>>>
>>> 
>>>
 So I was able to identify my issue.  It's not specifically a
 tomcat problem, but tomcat's bootstrapping makes it unique.

 one of the issues I've observed is that Tomcat's use of
 multithreading causes some thread deadlocking with some
 synchronized blocks.  I was wondering if there's a way to turn
 that off?  Make tomcat's bootstrap happen in the same thread as
 the original invocation?
>>>
>>> What exactly do you mean by Tomcat's bootstrapping? Can you give
>>> an example of concurrent execution that is causing issues?
>>>
> 
>> I instantiate the Tomcat object and invoke start() on the "main"
>> thread. The invocation of ServletContextListeners happens on a 
>> "localhost-startStop-1" thread.  I would like to have that
>> invocation happen on the main thread instead.
> 
> Hmm... there is the "startStopThreads" setting on the Engine, but
> unfortunately there is not (currently available) setting that says
> "don't use multiple threads at all". It looks like Tomcat is always
> going to use at least one (separate) thread to launch the various
> Hosts (and webapps).

It wouldn't be too hard to change that to not use an executor if the
default of startStopThreads="1" was being used. However...

>> Its nothing within tomcat that is deadlocking, but under the covers
>> weld has a synchronized block, its inside that synchronized block
>> where Tomcat is instantiated.  There's a later point where Weld
>> tries getting a lock again.  In that case, when its single threaded
>> (in other containers) it passes since it has a lock, but in this
>> case it can't get that lock.

The Weld documentation suggests that it is initialized per web
application with a ServletContainerInitializer. This would be fine with
Tomcat's current use of an Executor for container start/stop.

I don't, therefore, understand how Weld is instantiating Tomcat. Can you
expand on this?

Mark

> Is there any way for you to remove the required monitor on your own
> code? Or is Weld so intricately-involved in the whole process that
> unwinding it isn't possible?
> 
> -chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Connection Pool

[Mark Thomas]

On 08/12/2016 07:59, Михаил Ткаченко wrote:
> Yes but it description is ambiguous for me. What does it means "active
> connection"? In use for request to DB?

It is the maximum number of connections the pool will keep open to the
database at any point in time. Those connections may be actively
processing queries, allocated to an application but not being used or be
sat idle in the pool waiting to be allocated.

Mark


> 
> 08 дек. 2016 г. 10:53 пользователь "Kaloyan Spiridonov" <
> k.i.spirido...@gmail.com> написал:
> 
>> Hello,
>>
>> As it is described in jdbc connection pool documentation:
>>
>> maxActive
>>
>> (int) The maximum number of active connections that can be allocated from
>> this pool at the same time. The default value is 100
>>
>> Best Regards,
>> Kaloyan
>>
>> On Thu, Dec 8, 2016 at 9:47 AM, Михаил Ткаченко 
>> wrote:
>>
>>> Hi! Do you tell me what maxActive option means? Is it the amount of all
>>> connection in the pool? Or is it max number of connection which in use at
>>> the certain moment? Thanks.
>>>
>>
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Connection Pool

[Михаил Ткаченко]

Yes but it description is ambiguous for me. What does it means "active
connection"? In use for request to DB?

08 дек. 2016 г. 10:53 пользователь "Kaloyan Spiridonov" <
k.i.spirido...@gmail.com> написал:

> Hello,
>
> As it is described in jdbc connection pool documentation:
>
> maxActive
>
> (int) The maximum number of active connections that can be allocated from
> this pool at the same time. The default value is 100
>
> Best Regards,
> Kaloyan
>
> On Thu, Dec 8, 2016 at 9:47 AM, Михаил Ткаченко 
> wrote:
>
> > Hi! Do you tell me what maxActive option means? Is it the amount of all
> > connection in the pool? Or is it max number of connection which in use at
> > the certain moment? Thanks.
> >
>