feat(simple-jwt-jjwt): Complete the implementation with io.jsonwebtoken:jjwt-api

2023-08-04 19:45:23 +08:00
parent 9405908964
commit 6557b65d8a
11 changed files with 693 additions and 36 deletions
@@ -22,6 +22,7 @@
        <module>guid</module>
        <module>simple-jwt-facade</module>
        <module>simple-jwt-authzero</module>
        <module>simple-jwt-jjwt</module>
        <module>simple-jwt-spring-boot-starter</module>
    </modules>
@@ -70,7 +71,9 @@
        <junit.version>5.10.0</junit.version>
        <slf4j-api.version>2.0.7</slf4j-api.version>
        <lombok.version>1.18.28</lombok.version>
        <jackson.version>2.15.2</jackson.version>
        <auth0-jwt.version>4.4.0</auth0-jwt.version>
        <jjwt-jwt.version>0.11.5</jjwt-jwt.version>
        <spring.version>x.x.x</spring.version>
        <spring-boot.version>3.1.0</spring-boot.version>
@@ -103,12 +106,44 @@
                <version>${lombok.version}</version>
            </dependency>
            <dependency>
                <groupId>com.fasterxml.jackson.core</groupId>
                <artifactId>jackson-databind</artifactId>
                <version>${jackson.version}</version>
            </dependency>
            <dependency>
                <groupId>com.auth0</groupId>
                <artifactId>java-jwt</artifactId>
                <version>${auth0-jwt.version}</version>
            </dependency>
            <dependency>
                <groupId>io.jsonwebtoken</groupId>
                <artifactId>jjwt-api</artifactId>
                <version>${jjwt-jwt.version}</version>
            </dependency>
            <dependency>
                <groupId>io.jsonwebtoken</groupId>
                <artifactId>jjwt-impl</artifactId>
                <version>${jjwt-jwt.version}</version>
                <scope>runtime</scope>
            </dependency>
            <dependency>
                <groupId>io.jsonwebtoken</groupId>
                <artifactId>jjwt-jackson</artifactId>
                <version>${jjwt-jwt.version}</version>
                <scope>runtime</scope>
                <exclusions>
                    <exclusion>
                        <groupId>com.fasterxml.jackson.core</groupId>
                        <artifactId>jackson-databind</artifactId>
                    </exclusion>
                </exclusions>
            </dependency>
            <dependency>
                <groupId>cn.org.codecrafters</groupId>
                <artifactId>devkit-core</artifactId>
@@ -121,6 +156,12 @@
                <version>${project.version}</version>
            </dependency>
            <dependency>
                <groupId>cn.org.codecrafters</groupId>
                <artifactId>devkit-utils</artifactId>
                <version>${project.version}</version>
            </dependency>
            <dependency>
                <groupId>cn.org.codecrafters</groupId>
                <artifactId>simple-jwt-facade</artifactId>
@@ -133,6 +174,12 @@
                <version>${project.version}</version>
            </dependency>
            <dependency>
                <groupId>cn.org.codecrafters</groupId>
                <artifactId>simple-jwt-jjwt</artifactId>
                <version>${project.version}</version>
            </dependency>
            <!-- Spring -->
            <dependency>
                <groupId>org.springframework.boot</groupId>
@@ -23,6 +23,7 @@ import cn.org.codecrafters.simplejwt.TokenPayload;
 import cn.org.codecrafters.simplejwt.TokenResolver;
 import cn.org.codecrafters.simplejwt.annotations.ExcludeFromPayload;
 import cn.org.codecrafters.simplejwt.authzero.config.AuthzeroTokenResolverConfig;
 import cn.org.codecrafters.simplejwt.config.TokenResolverConfig;
 import cn.org.codecrafters.simplejwt.constants.TokenAlgorithm;
 import com.auth0.jwt.JWT;
 import com.auth0.jwt.JWTCreator;
@@ -124,6 +125,8 @@ public class AuthzeroTokenResolver implements TokenResolver<DecodedJWT> {
     */
    private final JWTVerifier verifier;
    private final AuthzeroTokenResolverConfig config = AuthzeroTokenResolverConfig.getInstance();
    /**
     * Creates a new instance of AuthzeroTokenResolver with the provided
     * configurations.
@@ -146,7 +149,7 @@ public class AuthzeroTokenResolver implements TokenResolver<DecodedJWT> {
        }
        this.jtiCreator = jtiCreator;
-        this.algorithm = AuthzeroTokenResolverConfig.getInstance()
+        this.algorithm = config
                .getAlgorithm(algorithm)
                .apply(secret);
        this.issuer = issuer;
@@ -172,7 +175,7 @@ public class AuthzeroTokenResolver implements TokenResolver<DecodedJWT> {
        }
        this.jtiCreator = (GuidCreator<UUID>) UUID::randomUUID;
-        this.algorithm = AuthzeroTokenResolverConfig.getInstance()
+        this.algorithm = config
                .getAlgorithm(algorithm)
                .apply(secret);
        this.issuer = issuer;
@@ -197,7 +200,7 @@ public class AuthzeroTokenResolver implements TokenResolver<DecodedJWT> {
        }
        this.jtiCreator = (GuidCreator<UUID>) UUID::randomUUID;
-        this.algorithm = AuthzeroTokenResolverConfig.getInstance()
+        this.algorithm = config
                .getAlgorithm(TokenAlgorithm.HS256)
                .apply(secret);
        this.issuer = issuer;
@@ -214,7 +217,7 @@ public class AuthzeroTokenResolver implements TokenResolver<DecodedJWT> {
        var secret = SecretCreator.createSecret(32, true, true, true);
        this.jtiCreator = (GuidCreator<UUID>) UUID::randomUUID;
-        this.algorithm = AuthzeroTokenResolverConfig.getInstance()
+        this.algorithm = config
                .getAlgorithm(TokenAlgorithm.HS256)
                .apply(secret);
        this.issuer = issuer;
@@ -17,6 +17,7 @@
 package cn.org.codecrafters.simplejwt;
 import java.lang.reflect.InvocationTargetException;
 import java.time.Duration;
 import java.util.Map;
@@ -25,7 +26,7 @@ import java.util.Map;
 * The {@code TokenResolver} interface defines methods for creating,
 * extracting, and renewing tokens, particularly JSON Web Tokens (JWTs). It
 * provides a set of methods to generate tokens with various payload
- * configurations, extract payloads from tokens, and renew expired tokens.
+ * configurations, extract payload from tokens, and renew expired tokens.
 *
 * <p>
 * <b>Token Creation:</b>
@@ -72,10 +73,10 @@ public interface TokenResolver<ResolvedTokenType> {
     * @param expireAfter the duration after which the token will expire
     * @param subject     the subject of the token
     * @param audience    the audience for which the token is intended
-     * @param payloads    the custom payload data to be included in the token
+     * @param payload     the custom payload data to be included in the token
     * @return the generated token as a {@code String}
     */
-    String createToken(Duration expireAfter, String audience, String subject, Map<String, Object> payloads);
+    String createToken(Duration expireAfter, String audience, String subject, Map<String, Object> payload);
    /**
     * Creates a new token with the specified expiration time, subject,
@@ -113,16 +114,6 @@ public interface TokenResolver<ResolvedTokenType> {
     */
    <T extends TokenPayload> T extract(String token, Class<T> targetType);
    /**
     * Renews the given expired token with the specified custom payload data.
     *
     * @param oldToken the expired token to be renewed
     * @param payload  the custom payload data to be included in the renewed
     *                 token
     * @return the renewed token as a {@code String}
     */
    String renew(String oldToken, Map<String, Object> payload);
    /**
     * Renews the given expired token with the specified custom payload data.
     *
@@ -134,6 +125,16 @@ public interface TokenResolver<ResolvedTokenType> {
     */
    String renew(String oldToken, Duration expireAfter, Map<String, Object> payload);
    /**
     * Renews the given expired token with the specified custom payload data.
     *
     * @param oldToken the expired token to be renewed
     * @param payload  the custom payload data to be included in the renewed
     *                 token
     * @return the renewed token as a {@code String}
     */
    String renew(String oldToken, Map<String, Object> payload);
    /**
     * Renews the given expired token with the specified strongly-typed
     * payload data.
@@ -0,0 +1,69 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
  ~ Copyright (C) 2023 CodeCraftersCN.
  ~
  ~ Licensed under the Apache License, Version 2.0 (the "License");
  ~ you may not use this file except in compliance with the License.
  ~ You may obtain a copy of the License at
  ~
  ~     http://www.apache.org/licenses/LICENSE-2.0
  ~
  ~ Unless required by applicable law or agreed to in writing, software
  ~ distributed under the License is distributed on an "AS IS" BASIS,
  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  ~
  ~ See the License for the specific language governing permissions and
  ~ limitations under the License.
  -->
 <project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>cn.org.codecrafters</groupId>
        <artifactId>jdevkit</artifactId>
        <version>1.0.0</version>
    </parent>
    <artifactId>simple-jwt-jjwt</artifactId>
    <properties>
        <maven.compiler.source>17</maven.compiler.source>
        <maven.compiler.target>17</maven.compiler.target>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    </properties>
    <dependencies>
        <dependency>
            <groupId>cn.org.codecrafters</groupId>
            <artifactId>devkit-utils</artifactId>
        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
            <artifactId>jackson-databind</artifactId>
        </dependency>
        <dependency>
            <groupId>io.jsonwebtoken</groupId>
            <artifactId>jjwt-api</artifactId>
        </dependency>
        <dependency>
            <groupId>io.jsonwebtoken</groupId>
            <artifactId>jjwt-impl</artifactId>
        </dependency>
        <dependency>
            <groupId>io.jsonwebtoken</groupId>
            <artifactId>jjwt-jackson</artifactId>
        </dependency>
        <dependency>
            <groupId>cn.org.codecrafters</groupId>
            <artifactId>simple-jwt-facade</artifactId>
        </dependency>
    </dependencies>
 </project>
@@ -0,0 +1,313 @@
 /*
 * Copyright (C) 2023 CodeCraftersCN.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package cn.org.codecrafters.simplejwt.jjwt;
 import cn.org.codecrafters.devkit.utils.MapUtil;
 import cn.org.codecrafters.guid.GuidCreator;
 import cn.org.codecrafters.simplejwt.SecretCreator;
 import cn.org.codecrafters.simplejwt.TokenPayload;
 import cn.org.codecrafters.simplejwt.TokenResolver;
 import cn.org.codecrafters.simplejwt.constants.TokenAlgorithm;
 import cn.org.codecrafters.simplejwt.exceptions.WeakSecretException;
 import cn.org.codecrafters.simplejwt.jjwt.config.JjwtTokenResolverConfig;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jws;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
 import io.jsonwebtoken.security.Keys;
 import lombok.extern.slf4j.Slf4j;
 import java.lang.reflect.InvocationTargetException;
 import java.nio.charset.StandardCharsets;
 import java.security.Key;
 import java.time.Duration;
 import java.time.LocalDateTime;
 import java.time.ZoneId;
 import java.util.Date;
 import java.util.Map;
 import java.util.UUID;
 /**
 * JjwtTokenResolver
 *
 * @author Zihlu Wang
 */
@Slf4j
 public class JjwtTokenResolver implements TokenResolver<Jws<Claims>> {
    private final GuidCreator<?> jtiCreator;
    private final SignatureAlgorithm algorithm;
    private final String issuer;
    private final Key key;
    private final JjwtTokenResolverConfig config = JjwtTokenResolverConfig.getInstance();
    public JjwtTokenResolver(GuidCreator<?> jtiCreator, TokenAlgorithm algorithm, String issuer, String secret) {
        if (secret == null || secret.isBlank()) {
            throw new IllegalArgumentException("A secret is required to build a JSON Web Token.");
        }
        if (secret.length() <= 32) {
            log.error("""
                    The provided secret which owns {} characters is too weak. Please replace it with a stronger one.
                    """, secret.length());
            throw new WeakSecretException("""
                    The provided secret which owns %s characters is too weak. Please replace it with a stronger one.
                    """.formatted(secret.length()));
        }
        this.jtiCreator = jtiCreator;
        this.algorithm = config.getAlgorithm(algorithm);
        this.issuer = issuer;
        this.key = Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8));
    }
    public JjwtTokenResolver(TokenAlgorithm algorithm, String issuer, String secret) {
        if (secret == null || secret.isBlank()) {
            throw new IllegalArgumentException("A secret is required to build a JSON Web Token.");
        }
        if (secret.length() <= 32) {
            log.error("""
                    The provided secret which owns {} characters is too weak. Please replace it with a stronger one.
                    """, secret.length());
            throw new WeakSecretException("""
                    The provided secret which owns %s characters is too weak. Please replace it with a stronger one.
                    """.formatted(secret.length()));
        }
        this.jtiCreator = UUID::randomUUID;
        this.algorithm = config.getAlgorithm(algorithm);
        this.issuer = issuer;
        this.key = Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8));
    }
    public JjwtTokenResolver(String issuer, String secret) {
        if (secret == null || secret.isBlank()) {
            throw new IllegalArgumentException("A secret is required to build a JSON Web Token.");
        }
        if (secret.length() <= 32) {
            log.error("""
                    The provided secret which owns {} characters is too weak. Please replace it with a stronger one.
                    """, secret.length());
            throw new WeakSecretException("""
                    The provided secret which owns %s characters is too weak. Please replace it with a stronger one.
                    """.formatted(secret.length()));
        }
        this.jtiCreator = UUID::randomUUID;
        this.algorithm = config.getAlgorithm(TokenAlgorithm.HS256);
        this.issuer = issuer;
        this.key = Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8));
    }
    public JjwtTokenResolver(String issuer) {
        this.jtiCreator = UUID::randomUUID;
        this.algorithm = config.getAlgorithm(TokenAlgorithm.HS256);
        this.issuer = issuer;
        this.key = Keys.hmacShaKeyFor(SecretCreator.createSecret(32, true, true, true).getBytes(StandardCharsets.UTF_8));
    }
    private String buildToken(Duration expireAfter, String audience, String subject, LocalDateTime now, Map<String, Object> claims) {
        var builder = Jwts.builder()
                .setHeaderParam("typ", "JWT")
                .setIssuedAt(Date.from(now.atZone(ZoneId.systemDefault()).toInstant()))
                .setNotBefore(Date.from(now.atZone(ZoneId.systemDefault()).toInstant()))
                .setExpiration(Date.from(now.plus(expireAfter).atZone(ZoneId.systemDefault()).toInstant()))
                .setSubject(subject)
                .setAudience(audience)
                .setIssuer(this.issuer)
                .setId(jtiCreator.nextId().toString());
        if (claims != null && !claims.isEmpty()) {
            builder.setClaims(claims);
        }
        return builder.signWith(key, algorithm)
                .compact();
    }
    /**
     * Creates a new token with the specified expiration time, subject, and
     * audience.
     *
     * @param expireAfter the duration after which the token will expire
     * @param audience    the audience for which the token is intended
     * @param subject     the subject of the token
     * @return the generated token as a {@code String}
     */
    @Override
    public String createToken(Duration expireAfter, String audience, String subject) {
        var now = LocalDateTime.now();
        return buildToken(expireAfter, audience, subject, now, null);
    }
    /**
     * Creates a new token with the specified expiration time, subject,
     * audience, and custom payload data.
     *
     * @param expireAfter the duration after which the token will expire
     * @param audience    the audience for which the token is intended
     * @param subject     the subject of the token
     * @param payload     the custom payload data to be included in the token
     * @return the generated token as a {@code String}
     */
    @Override
    public String createToken(Duration expireAfter, String audience, String subject, Map<String, Object> payload) {
        var now = LocalDateTime.now();
        return buildToken(expireAfter, audience, subject, now, payload);
    }
    /**
     * Creates a new token with the specified expiration time, subject,
     * audience, and strongly-typed payload data.
     *
     * @param expireAfter the duration after which the token will expire
     * @param audience    the audience for which the token is intended
     * @param subject     the subject of the token
     * @param payload     the strongly-typed payload data to be included in the
     *                    token
     * @return the generated token as a {@code String} or {@code null} if
     * creation fails
     * @see MapUtil#objectToMap(Object)
     */
    @Override
    public <T extends TokenPayload> String createToken(Duration expireAfter, String audience, String subject, T payload) {
        var now = LocalDateTime.now();
        try {
            var claims = MapUtil.objectToMap(payload);
            return buildToken(expireAfter, audience, subject, now, claims);
        } catch (IllegalAccessException e) {
            log.error("An error occurs while accessing the fields of the object");
        }
        return null;
    }
    /**
     * Resolves the given token into a ResolvedTokenType object.
     *
     * @param token the token to be resolved
     * @return a ResolvedTokenType object
     */
    @Override
    public Jws<Claims> resolve(String token) {
        return Jwts.parserBuilder()
                .setSigningKey(key)
                .build()
                .parseClaimsJws(token);
    }
    /**
     * Extracts the payload information from the given token and maps it to the
     * specified target type.
     *
     * @param token      the token from which to extract the payload
     * @param targetType the target class representing the payload data type
     * @return an instance of the specified target type with the extracted
     * payload data, or {@code null} if extraction fails.
     * @see MapUtil#mapToObject(Map, Class)
     */
    @Override
    public <T extends TokenPayload> T extract(String token, Class<T> targetType) {
        var resolvedToken = resolve(token);
        var claims = resolvedToken.getBody();
        try {
            return MapUtil.mapToObject(claims, targetType);
        } catch (InvocationTargetException e) {
            log.info("An error occurs while invoking the constructor of type {}.", targetType.getCanonicalName());
        } catch (NoSuchMethodException e) {
            log.error("The constructor of the required type {} is not found.", targetType.getCanonicalName());
        } catch (InstantiationException e) {
            log.error("The required type {} is abstract or an interface.", targetType.getCanonicalName());
        } catch (IllegalAccessException e) {
            log.error("An error occurs while accessing the fields of the object.");
        }
        return null;
    }
    /**
     * Renews the given expired token with the specified custom payload data.
     *
     * @param oldToken    the expired token to be renewed
     * @param expireAfter specify when does the new token invalid
     * @param payload     the custom payload data to be included in the renewed
     *                    token
     * @return the renewed token as a {@code String}
     */
    @Override
    public String renew(String oldToken, Duration expireAfter, Map<String, Object> payload) {
        var resolvedTokenClaims = resolve(oldToken).getBody();
        var audience = resolvedTokenClaims.getAudience();
        var subject = resolvedTokenClaims.getSubject();
        return createToken(expireAfter, audience, subject, payload);
    }
    /**
     * Renews the given expired token with the specified custom payload data.
     *
     * @param oldToken the expired token to be renewed
     * @param payload  the custom payload data to be included in the renewed
     *                 token
     * @return the renewed token as a {@code String}
     */
    @Override
    public String renew(String oldToken, Map<String, Object> payload) {
        return renew(oldToken, Duration.ofMinutes(30), payload);
    }
    /**
     * Renews the given expired token with the specified strongly-typed
     * payload data.
     *
     * @param oldToken    the expired token to be renewed
     * @param expireAfter specify when does the new token invalid
     * @param payload     the strongly-typed payload data to be included in the
     *                    renewed token
     * @return the renewed token as a {@code String}
     */
    @Override
    public <T extends TokenPayload> String renew(String oldToken, Duration expireAfter, T payload) {
        var resolvedTokenClaims = resolve(oldToken).getBody();
        var audience = resolvedTokenClaims.getAudience();
        var subject = resolvedTokenClaims.getSubject();
        return createToken(expireAfter, audience, subject, payload);
    }
    /**
     * Renews the given expired token with the specified strongly-typed
     * payload data.
     *
     * @param oldToken the expired token to be renewed
     * @param payload  the strongly-typed payload data to be included in the
     *                 renewed token
     * @return the renewed token as a {@code String}
     */
    @Override
    public <T extends TokenPayload> String renew(String oldToken, T payload) {
        return renew(oldToken, Duration.ofMinutes(30), payload);
    }
 }
@@ -0,0 +1,76 @@
 /*
 * Copyright (C) 2023 CodeCraftersCN.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package cn.org.codecrafters.simplejwt.jjwt.config;
 import cn.org.codecrafters.simplejwt.config.TokenResolverConfig;
 import cn.org.codecrafters.simplejwt.constants.TokenAlgorithm;
 import cn.org.codecrafters.simplejwt.exceptions.UnsupportedAlgorithmException;
 import io.jsonwebtoken.SignatureAlgorithm;
 import java.util.HashMap;
 import java.util.Map;
 /**
 * JjwtTokenResolverConfig
 *
 * @author Zihlu Wang
 */
 public final class JjwtTokenResolverConfig implements TokenResolverConfig<SignatureAlgorithm> {
    private JjwtTokenResolverConfig() {}
    private static final Map<TokenAlgorithm, SignatureAlgorithm> SUPPORTED_ALGORITHMS = new HashMap<>() {{
        put(TokenAlgorithm.HS256, SignatureAlgorithm.HS256);
        put(TokenAlgorithm.HS384, SignatureAlgorithm.HS384);
        put(TokenAlgorithm.HS512, SignatureAlgorithm.HS512);
    }};
    private static JjwtTokenResolverConfig instance;
    public static JjwtTokenResolverConfig getInstance() {
        if (instance == null) {
            instance = new JjwtTokenResolverConfig();
        }
        return instance;
    }
    /**
     * Gets the algorithm function corresponding to the specified
     * TokenAlgorithm.
     * <p>
     * This method returns the algorithm function associated with the given
     * TokenAlgorithm. The provided TokenAlgorithm represents the specific
     * algorithm for which the corresponding algorithm function is required.
     * The returned AlgorithmFunction represents the function implementation
     * that can be used by the TokenResolver to handle the specific algorithm.
     *
     * @param algorithm the TokenAlgorithm for which the algorithm function is
     *                  required
     * @return the algorithm function associated with the given TokenAlgorithm
     */
    @Override
    public SignatureAlgorithm getAlgorithm(TokenAlgorithm algorithm) {
        if (!SUPPORTED_ALGORITHMS.containsKey(algorithm)) {
            throw new UnsupportedAlgorithmException("""
                    The request algorithm is not supported by our system yet. Please change to supported ones.
                    """);
        }
        return SUPPORTED_ALGORITHMS.get(algorithm);
    }
 }
@@ -40,12 +40,42 @@
            <artifactId>simple-jwt-facade</artifactId>
        </dependency>
        <dependency>
            <groupId>com.auth0</groupId>
            <artifactId>java-jwt</artifactId>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>cn.org.codecrafters</groupId>
            <artifactId>simple-jwt-authzero</artifactId>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>io.jsonwebtoken</groupId>
            <artifactId>jjwt-api</artifactId>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>io.jsonwebtoken</groupId>
            <artifactId>jjwt-impl</artifactId>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>io.jsonwebtoken</groupId>
            <artifactId>jjwt-jackson</artifactId>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>cn.org.codecrafters</groupId>
            <artifactId>simple-jwt-jjwt</artifactId>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-autoconfigure</artifactId>
@@ -34,10 +34,9 @@ import org.springframework.context.annotation.Bean;
 /**
 * <p>
 * SimpleJwtAutoConfiguration is responsible for automatically configuring the
- * Simple JWT library when used in a Spring Boot application. It provides
+ * Simple JWT library with {@code com.auth0:java-jwt} when used in a Spring
- * default settings and configurations to ensure that the library works
+ * Boot application. It provides default settings and configurations to ensure
- * smoothly without requiring manual configuration.
+ * that the library works smoothly without requiring manual configuration.
 * 
 *
 * <p>
 * This auto-configuration class sets up the necessary beans and components
@@ -45,7 +44,6 @@ import org.springframework.context.annotation.Bean;
 * configures the {@link TokenResolver} bean based on the available options and
 * properties.
 *
 *
 * <p>
 * Developers using the Simple JWT library with Spring Boot do not need to
 * explicitly configure the library, as the auto-configuration takes care of
@@ -61,7 +59,9 @@ import org.springframework.context.annotation.Bean;
@Slf4j
@AutoConfiguration
@EnableConfigurationProperties(value = {SimpleJwtProperties.class})
-public class SimpleJwtAutoConfiguration {
+@ConditionalOnClass({DecodedJWT.class, AuthzeroTokenResolver.class})
@ConditionalOnMissingBean({TokenResolver.class})
 public class AuthzeroTokenResolverAutoConfiguration {
    /**
     * The GuidCreator instance to be used for generating JWT IDs (JTI).
@@ -81,7 +81,7 @@ public class SimpleJwtAutoConfiguration {
     * @param simpleJwtProperties the SimpleJwtProperties instance
     */
    @Autowired
-    public SimpleJwtAutoConfiguration(SimpleJwtProperties simpleJwtProperties, GuidCreator<?> jtiCreator) {
+    public AuthzeroTokenResolverAutoConfiguration(SimpleJwtProperties simpleJwtProperties, GuidCreator<?> jtiCreator) {
        this.jtiCreator = jtiCreator;
        this.simpleJwtProperties = simpleJwtProperties;
    }
@@ -96,14 +96,14 @@ public class SimpleJwtAutoConfiguration {
     * @return the {@link TokenResolver} instance
     */
    @Bean
    @ConditionalOnClass({DecodedJWT.class, AuthzeroTokenResolver.class})
    @ConditionalOnMissingBean({TokenResolver.class})
    @ConditionalOnBean(value = {GuidCreator.class}, name = "jtiCreator")
    public TokenResolver<DecodedJWT> tokenResolver() {
-        return new AuthzeroTokenResolver(this.jtiCreator,
+        return new AuthzeroTokenResolver(
                jtiCreator,
                simpleJwtProperties.algorithm(),
                simpleJwtProperties.issuer(),
-                simpleJwtProperties.secret());
+                simpleJwtProperties.secret()
        );
    }
 }
@@ -0,0 +1,111 @@
 /*
 * Copyright (C) 2023 CodeCraftersCN.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package cn.org.codecrafters.simplejwt.autoconfiguration;
 import cn.org.codecrafters.guid.GuidCreator;
 import cn.org.codecrafters.simplejwt.TokenResolver;
 import cn.org.codecrafters.simplejwt.authzero.AuthzeroTokenResolver;
 import cn.org.codecrafters.simplejwt.autoconfiguration.properties.SimpleJwtProperties;
 import cn.org.codecrafters.simplejwt.jjwt.JjwtTokenResolver;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jws;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.AutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 /**
 * <p>
 * JjwtTokenResolverAutoConfiguration is responsible for automatically
 * configuring the Simple JWT library with {@code io.jsonwebtoken:jjwt-api}
 * when used in a Spring Boot application. It provides default settings and
 * configurations to ensure that the library works smoothly without requiring
 * manual configuration.
 *
 * <p>
 * This auto-configuration class sets up the necessary beans and components
 * required for JWT generation and validation. It automatically creates and
 * configures the {@link TokenResolver} bean based on the available options and
 * properties.
 *
 * <p>
 * Developers using the Simple JWT library with Spring Boot do not need to
 * explicitly configure the library, as the auto-configuration takes care of
 * setting up the necessary components and configurations automatically.
 * However, developers still have the flexibility to customize the behavior of
 * the library by providing their own configurations and properties.
 *
 * @author Zihlu Wang
 * @version 1.0.0
 * @since 1.0.0
 */
@Slf4j
@AutoConfiguration
@EnableConfigurationProperties(value = {SimpleJwtProperties.class})
@ConditionalOnClass({Jws.class, Claims.class, JjwtTokenResolver.class})
@ConditionalOnMissingBean({TokenResolver.class})
 public class JjwtTokenResolverAutoConfiguration {
    /**
     * The GuidCreator instance to be used for generating JWT IDs (JTI).
     */
    private final GuidCreator<?> jtiCreator;
    /**
     * The {@code SimpleJwtProperties} instance containing the configuration
     * properties for Simple JWT.
     */
    private final SimpleJwtProperties simpleJwtProperties;
    /**
     * Constructs a new {@code SimpleJwtAutoConfiguration} instance with the
     * provided SimpleJwtProperties.
     *
     * @param simpleJwtProperties the SimpleJwtProperties instance
     */
    @Autowired
    public JjwtTokenResolverAutoConfiguration(SimpleJwtProperties simpleJwtProperties, GuidCreator<?> jtiCreator) {
        this.jtiCreator = jtiCreator;
        this.simpleJwtProperties = simpleJwtProperties;
    }
    /**
     * Creates a new {@link TokenResolver} bean using {@link
     * JjwtTokenResolver} if no existing {@link TokenResolver} bean is
     * found. The {@link JjwtTokenResolver} is configured with the
     * provided {@link GuidCreator}, {@code algorithm}, {@code issuer}, and
     * {@code secret} properties from {@link SimpleJwtProperties}.
     *
     * @return the {@link TokenResolver} instance
     */
    @Bean
    @ConditionalOnBean(value = {GuidCreator.class}, name = "jtiCreator")
    public TokenResolver<Jws<Claims>> tokenResolver() {
        return new JjwtTokenResolver(
                jtiCreator,
                simpleJwtProperties.algorithm(),
                simpleJwtProperties.issuer(),
                simpleJwtProperties.secret()
        );
    }
 }
@@ -17,6 +17,8 @@
 package cn.org.codecrafters.simplejwt.autoconfiguration.properties;
 import cn.org.codecrafters.simplejwt.SecretCreator;
 import cn.org.codecrafters.simplejwt.autoconfiguration.AuthzeroTokenResolverAutoConfiguration;
 import cn.org.codecrafters.simplejwt.constants.TokenAlgorithm;
 import lombok.Data;
 import org.springframework.boot.context.properties.ConfigurationProperties;
@@ -32,7 +34,7 @@ import org.springframework.boot.context.properties.ConfigurationProperties;
 * <p>
 * SimpleJwtProperties provides configuration options for the JWT algorithm,
 * issuer, and secret. The properties are used by the {@link
- * cn.org.codecrafters.simplejwt.autoconfiguration.SimpleJwtAutoConfiguration}
+ * AuthzeroTokenResolverAutoConfiguration}
 * class to set up the necessary configurations for JWT generation and
 * validation.
 * 
@@ -51,19 +53,23 @@ import org.springframework.boot.context.properties.ConfigurationProperties;
 public class SimpleJwtProperties {
    /**
-     * The algorithm used for JWT generation and validation.
+     * The algorithm used for JWT generation and validation. Default value is
     * {@link TokenAlgorithm#HS256}
     */
-    private TokenAlgorithm algorithm;
+    private TokenAlgorithm algorithm = TokenAlgorithm.HS256;
    /**
-     * The issuer value to be included in the generated JWT.
+     * The issuer value to be included in the generated JWT. Default value is
     * an empty String.
     */
-    private String issuer;
+    private String issuer = "";
    /**
-     * The secret key used for JWT generation and validation.
+     * The secret key used for JWT generation and validation. Default value is
     * the result of call to {@link
     * SecretCreator#createSecret(int, boolean, boolean, boolean)}.
     */
-    private String secret;
+    private String secret = SecretCreator.createSecret(32, true, true, true);
    /**
     * Returns the JWT algorithm configured in the properties.
@@ -1,2 +1,3 @@
 cn.org.codecrafters.simplejwt.autoconfiguration.GuidAutoConfiguration
-cn.org.codecrafters.simplejwt.autoconfiguration.SimpleJwtAutoConfiguration
+cn.org.codecrafters.simplejwt.autoconfiguration.AuthzeroTokenResolverAutoConfiguration
 cn.org.codecrafters.simplejwt.autoconfiguration.JjwtTokenResolverAutoConfiguration