diff --git a/ultimates/ultimate-common/src/string.rs b/ultimates/ultimate-common/src/string.rs
index b2ddc25..9829995 100644
--- a/ultimates/ultimate-common/src/string.rs
+++ b/ultimates/ultimate-common/src/string.rs
@@ -65,7 +65,7 @@ pub fn ser_vecu8_to_str<S>(v: &[u8], s: S) -> core::result::Result<S::Ok, S::Err
 where
     S: Serializer,
 {
-    let string = std::str::from_utf8(v).unwrap();
+    let string = std::str::from_utf8(v).map_err(serde::ser::Error::custom)?;
     s.serialize_str(string)
 }
 
diff --git a/ultimates/ultimate/src/configuration/default.toml b/ultimates/ultimate/src/configuration/default.toml
index b2008d9..f9c1b7b 100644
--- a/ultimates/ultimate/src/configuration/default.toml
+++ b/ultimates/ultimate/src/configuration/default.toml
@@ -13,11 +13,11 @@ expires_in = 7200
 secret_key = "0123456789ABCDEF0123456789ABCDEF"
 public_key = """-----BEGIN PUBLIC KEY-----
 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOTv4YquENmDfXoSN0TQiOqmgR1Px
-        UDTicuyW06VcX/XOkXp/6vmIIBFUXVWREJmQy7EIhNXM1qCy7Hs6SK9y7A==
+UDTicuyW06VcX/XOkXp/6vmIIBFUXVWREJmQy7EIhNXM1qCy7Hs6SK9y7A==
 -----END PUBLIC KEY-----"""
 private_key = """-----BEGIN PRIVATE KEY-----
 MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgbMlaUVhOz9IHvlxT
-        4i7Wm6cmubzzGZr/PNNME25ZVNuhRANCAAQ5O/hiq4Q2YN9ehI3RNCI6qaBHU/FQ
+4i7Wm6cmubzzGZr/PNNME25ZVNuhRANCAAQ5O/hiq4Q2YN9ehI3RNCI6qaBHU/FQ
 NOJy7JbTpVxf9c6Ren/q+YggEVRdVZEQmZDLsQiE1czWoLLsezpIr3Ls
 -----END PRIVATE KEY-----"""
 
diff --git a/ultimates/ultimate/src/configuration/mod.rs b/ultimates/ultimate/src/configuration/mod.rs
index 8376633..d444eef 100644
--- a/ultimates/ultimate/src/configuration/mod.rs
+++ b/ultimates/ultimate/src/configuration/mod.rs
@@ -28,7 +28,7 @@ impl ConfigState {
     /// # Examples
     ///
     /// ```rust
-    /// # use ultimate::configuration::*;
+    /// # use ultimate::configuration::{ConfigState, model::*};
     /// # fn test_config_state_from_env() {
     /// // 两个下划线作为层级分隔符
     /// std::env::set_var("ULTIMATE__WEB__SERVER_ADDR", "0.0.0.0:8000");
@@ -42,19 +42,19 @@ impl ConfigState {
     /// let config_state = ConfigState::load().unwrap();
     /// let qc = config_state.ultimate_config();
     ///
-    /// assert_eq!(qc.pwd_key, b"80c9a35c0f231219ca14c44fe10c728d");
+    /// assert_eq!(qc.security().pwd().pwd_key(), b"80c9a35c0f231219ca14c44fe10c728d");
     /// assert_eq!(
-    ///     qc.token_key,
-    ///     b"--8462b1ec9af827ebed13926f8f1e5409774fa1a21a1c8f726a4a34cf7dcabaf2"
+    ///     qc.security().token().secret_key(),
+    ///     b"8462b1ec9af827ebed13926f8f1e5409774fa1a21a1c8f726a4a34cf7dcabaf2"
     /// );
     ///
     /// // 由默认配置文件提供
-    /// assert_eq!(&qc.web().server_addr, "0.0.0.0:8000");
-    /// assert_eq!(&qc.app().name, "ultimate");
+    /// assert_eq!(qc.web().server_addr(), "0.0.0.0:8000");
+    /// assert_eq!(qc.app().name(), "ultimate");
     /// # }
     /// ```
     ///
-    pub(crate) fn load() -> Result<Self> {
+    pub fn load() -> Result<Self> {
         let c = load_config()?;
         let ultimate_config = UltimateConfig::try_from(&c)?;
         Ok(Self::new(Arc::new(c), Arc::new(ultimate_config)))
diff --git a/ultimates/ultimate/src/configuration/model/security_config.rs b/ultimates/ultimate/src/configuration/model/security_config.rs
index 65311cd..2db84c6 100644
--- a/ultimates/ultimate/src/configuration/model/security_config.rs
+++ b/ultimates/ultimate/src/configuration/model/security_config.rs
@@ -72,10 +72,10 @@ pub struct TokenConf {
     pub(crate) expires_in: i64,
 
     #[serde(deserialize_with = "deser_str_to_vecu8", serialize_with = "ser_vecu8_to_str")]
-    public_key: Vec<u8>,
+    pub(crate) public_key: Vec<u8>,
 
     #[serde(deserialize_with = "deser_str_to_vecu8", serialize_with = "ser_vecu8_to_str")]
-    private_key: Vec<u8>,
+    pub(crate) private_key: Vec<u8>,
 }
 
 impl TokenConf {
diff --git a/ultimates/ultimate/src/security/jose.rs b/ultimates/ultimate/src/security/jose.rs
index f1fa31d..6454c6b 100644
--- a/ultimates/ultimate/src/security/jose.rs
+++ b/ultimates/ultimate/src/security/jose.rs
@@ -79,19 +79,15 @@ pub fn decode_jwt_hs256(
 
 #[cfg(test)]
 mod tests {
-    use std::{
-        sync::OnceLock,
-        time::{Duration, SystemTime},
-    };
-
-    use ultimate_common::string;
-
+    use super::*;
     use crate::configuration::{
         load_config,
         model::{KeyConf, SecruityConfig},
     };
-
-    use super::*;
+    use std::{
+        sync::OnceLock,
+        time::{Duration, SystemTime},
+    };
 
     #[test]
     fn test_jwe_ecdh_es() -> anyhow::Result<()> {
@@ -116,19 +112,19 @@ mod tests {
 
     #[test]
     fn test_jwe_dir() -> anyhow::Result<()> {
-        let (sc, expires_at) = helper();
+        let secret_key = b"0123456789ABCDEF0123456789ABCDEF";
+        let expires_at = SystemTime::now() + Duration::from_secs(60 * 60 * 24);
 
         let mut jwt_payload = JwtPayload::new();
         jwt_payload.set_subject("subject");
-        jwt_payload.set_expires_at(expires_at);
+        jwt_payload.set_expires_at(&expires_at);
 
         // Encrypting JWT
-        println!("secret key is {}", string::b64u_encode(sc.token().secret_key()));
-        let jwt = encrypt_jwe_dir(sc.token().secret_key(), &jwt_payload).unwrap();
+        let jwt = encrypt_jwe_dir(secret_key, &jwt_payload).unwrap();
         println!("Encrypting JWT with DIR signre is: {}", jwt);
 
         // Decrypting JWT
-        let (payload, header) = decrypt_jwe_dir(sc.token().secret_key(), jwt).unwrap();
+        let (payload, header) = decrypt_jwe_dir(secret_key, jwt).unwrap();
         println!("Encrypting JWT with DIR JwsHeader is: {:?}", header);
         println!("Encrypting JWT with DIR JwtPayload is: {:?}", payload);