Springboot集成shiro的自定义拦截器问题

之前用spring去集成的时候，用xml配置自定义拦截器，完全没问题。但是换成了springboot就出现了配置了自定义拦截器后所有静态资源全部被拦截，js、css这些。
以下是之前用xml配的正常拦截。

<bean id="shiroFilter"
          class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <!--引用指定的安全管理器-->
        <property name="securityManager" ref="securityManager"/>
        <property name="loginUrl" value="/login.html"/>
        <property name="filterChainDefinitions">
            <value>
                /js/**=anon
                /css/**=anon
                /logout.do=logout
                /**=authc
            </value>
        </property>
        <!--设置当前使用的认证过滤器-->
        <property name="filters">
            <map>
                <entry key="authc" value-ref="crmFormAuthenticationFilter"/>
            </map>
        </property>
    </bean>

以下是springboot配置类配的，配置后所有的静态文件全部被拦截（未配置情况下“anon”静态资源正常访问）

@Bean(name = "shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        shiroFilterFactoryBean.setLoginUrl("/static/index.html");
        shiroFilterFactoryBean.setUnauthorizedUrl("/notRole");
        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        // <!-- authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问-->
        //主要这行代码必须放在所有权限设置的最后，不然会导致所有 url 都被拦截 剩余的都需要认证
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        HashMap<String, Filter> filters = new HashMap<>();
        filters.put("authc",crmFormAuthenticationFilter());
        shiroFilterFactoryBean.setFilters(filters);
        filterChainDefinitionMap.put("/js/**", "anon");
        filterChainDefinitionMap.put("/**", "authc");
        return shiroFilterFactoryBean;
    }

以下是自定义拦截器

public class CRMFormAuthenticationFilter extends FormAuthenticationFilter {

    @Override
    protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {
        String msg = "";
        if(e instanceof UnknownAccountException){
            msg = "帐号错误";
        }else if(e instanceof IncorrectCredentialsException){
            msg = "密码错误";
        }else{
            msg = "未知错误";
        }
        e.printStackTrace();
        response.setContentType("text/json;charset=UTF-8");
        try {
            JsonResult result = new JsonResult();
            result.mark(msg);
            response.getWriter().print(JSON.toJSONString(result));
        }catch (Exception e1){
            e1.printStackTrace();
        }
        return false;
    }

    @Override
    protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception {
        response.setContentType("text/json;charset=UTF-8");
        response.getWriter().print(JSON.toJSONString(new JsonResult()));
        return false;
    }
}

望指点，感激不尽！

有没有跨域操作呢？跨域的话要做跨域设置