一：工作流引擎增加过滤器

/**
 * 对/engine-rest/*进行鉴权，防止非法攻击
 * 客户端调用需要配置用户凭证否则报错401
 * camunda.bpm.client.basic-auth.username=
 * camunda.bpm.client.basic-auth.password=
 */
@Configuration
public class AuthFilterConfig implements ServletContextInitializer {
    @Override
    public void onStartup(ServletContext servletContext) throws ServletException {
        FilterRegistration.Dynamic authFilter = servletContext.addFilter("camunda-auth", ProcessEngineAuthenticationFilter.class);
        authFilter.setAsyncSupported(true);
        authFilter.setInitParameter("authentication-provider","org.camunda.bpm.engine.rest.security.auth.impl.HttpBasicAuthenticationProvider");
        authFilter.addMappingForUrlPatterns(null,true,"/engine-rest/*");
    }
}

二：客户端配置账号

camunda:
  bpm:
    client:
      base-url: http://localhost:8080/engine-rest
      max-tasks: 1
      worker-id: springboot-camunda-client
      async-response-timeout: 20000
      lock-duration: 10000
      basic-auth:
        username: admin
        password: 123456