na hora de chamar o http://localhost:8080/auth da erro 403 Forbidden, pelo que entendi ele tenta autenticar um token, ou seja, ele ignorando o permitAll()
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests()
.antMatchers(HttpMethod.POST, "/auth").permitAll()
.anyRequest().authenticated()
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.addFilterBefore(new JwAuthenticationtFilter(tokenService), UsernamePasswordAuthenticationFilter.class);
}