diff --git a/rest/taskana-rest-spring-example-boot/src/main/java/pro/taskana/example/boot/OpenApiConfiguration.java b/rest/taskana-rest-spring-example-boot/src/main/java/pro/taskana/example/boot/OpenApiConfiguration.java
index c18dba37d5..40dda5e708 100644
--- a/rest/taskana-rest-spring-example-boot/src/main/java/pro/taskana/example/boot/OpenApiConfiguration.java
+++ b/rest/taskana-rest-spring-example-boot/src/main/java/pro/taskana/example/boot/OpenApiConfiguration.java
@@ -1,7 +1,10 @@
 package pro.taskana.example.boot;
 
 import io.swagger.v3.oas.annotations.OpenAPIDefinition;
+import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
 import io.swagger.v3.oas.annotations.info.Info;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import io.swagger.v3.oas.annotations.security.SecurityScheme;
 import io.swagger.v3.oas.models.media.ArraySchema;
 import io.swagger.v3.oas.models.media.ObjectSchema;
 import io.swagger.v3.oas.models.media.StringSchema;
@@ -18,8 +21,7 @@
             title = "TASKANA RESTful API Documentation",
             version = "8.2.0",
             description =
-                ""
-                    + "<h1>Overview</h1>"
+                "<h1>Overview</h1>"
                     + "<p>"
                     + "This is the REST documentation for [TASKANA](http://taskana.pro) - the "
                     + "world’s first open source solution for Enterprise Task Management."
@@ -340,7 +342,9 @@
                     + "<td>String</td>"
                     + "</tr>"
                     + "</tbody>"
-                    + "</table>"))
+                    + "</table>"),
+    security = {@SecurityRequirement(name = "basicAuth")})
+@SecurityScheme(name = "basicAuth", type = SecuritySchemeType.HTTP, scheme = "basic")
 public class OpenApiConfiguration {
   @Bean
   public OpenApiCustomizer openApiCustomizer() {
diff --git a/rest/taskana-rest-spring-example-boot/src/main/java/pro/taskana/example/boot/security/BootWebSecurityConfigurer.java b/rest/taskana-rest-spring-example-boot/src/main/java/pro/taskana/example/boot/security/BootWebSecurityConfigurer.java
index a7b0becd85..3a8befa71b 100644
--- a/rest/taskana-rest-spring-example-boot/src/main/java/pro/taskana/example/boot/security/BootWebSecurityConfigurer.java
+++ b/rest/taskana-rest-spring-example-boot/src/main/java/pro/taskana/example/boot/security/BootWebSecurityConfigurer.java
@@ -73,8 +73,14 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 authorizeHttpRequests
                     .requestMatchers("/css/**", "/img/**")
                     .permitAll()
+                    .requestMatchers(HttpMethod.GET, "/docs/**")
+                    .permitAll()
                     .requestMatchers(
-                        HttpMethod.GET, "/docs/**", "/api-docs*")
+                        HttpMethod.GET,
+                        "/api-docs",
+                        "/api-docs/**",
+                        "/swagger-ui",
+                        "/swagger-ui/**")
                     .permitAll())
         .cors(Customizer.withDefaults())
         .addFilter(jaasApiIntegrationFilter())
diff --git a/rest/taskana-rest-spring-example-boot/src/main/resources/application.properties b/rest/taskana-rest-spring-example-boot/src/main/resources/application.properties
index a7aff6af69..0d5d6ff893 100644
--- a/rest/taskana-rest-spring-example-boot/src/main/resources/application.properties
+++ b/rest/taskana-rest-spring-example-boot/src/main/resources/application.properties
@@ -33,7 +33,7 @@ taskana.schemaName=TASKANA
 ####### property that control rest api security deploy use true for no security.
 devMode=false
 # This property enables the support of XSRF tokens. This will not work together with devMode.
-enableCsrf=true
+enableCsrf=false
 ####### property that control if the database is cleaned and sample data is generated
 generateSampleData=true
 ####### cache static resources properties