Assuming on the code you provide in the question, there is lack of Spring Security Filter, which would authenticate the request. Your security filter chain might be such as:

@Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http, MyCustomJwtAuthenticationFilter jwtFilter) throws Exception {
        http.csrf(csrf -> csrf.disable())
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers("/api/auth/register", "/api/auth/login").permitAll()
                        .requestMatchers("/api/game/**").authenticated()
                        .anyRequest().authenticated()
                        .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class));

        http.sessionManagement(session -> session
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS));

        return http.build();
    }

Emphasize your attention on .addFilterBefore, here you will use your filter to authenticate your request.

Example of implementing JWT: https://medium.com/@tericcabrel/implement-jwt-authentication-in-a-spring-boot-3-application-5839e4fd8fac

Resource for learning more about Spring Filters: https://docs.spring.io/spring-security/reference/servlet/architecture.html