diff --git a/build.gradle b/build.gradle
index ad661979c480219f7269e6f2ddab451fa8beb3ad..604e8b6fc3dea05c4adc7b1cb0fc271c14c3b173 100644
--- a/build.gradle
+++ b/build.gradle
@@ -124,6 +124,7 @@ configurations {
 all*.exclude group: 'edu.ucar', module: 'netcdf'
 all*.exclude group: 'javax.jms', module: 'jms'
 all*.exclude group: 'javax.mail', module: 'mail'
+ all*.exclude group: 'javax.servlet', module: 'servlet-api'
 all*.exclude group: 'javax.sql', module: 'jdbc-stdext'
 all*.exclude group: 'javax.transaction', module: 'jta'
 all*.exclude group: 'jdbc', module: 'jdbc'
diff --git a/src/main/java/org/nrg/xapi/config/SwaggerConfig.java b/src/main/java/org/nrg/xapi/configuration/SwaggerConfig.java
similarity index 97%
rename from src/main/java/org/nrg/xapi/config/SwaggerConfig.java
rename to src/main/java/org/nrg/xapi/configuration/SwaggerConfig.java
index d5f5a43afac79788269296f51e0a886b65a5c444..ff7ae3b96612d6f7e3006c0cd3ad993b88aa1f72 100644
--- a/src/main/java/org/nrg/xapi/config/SwaggerConfig.java
+++ b/src/main/java/org/nrg/xapi/configuration/SwaggerConfig.java
@@ -1,4 +1,4 @@
-package org.nrg.xapi.config;
+package org.nrg.xapi.configuration;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
diff --git a/src/main/java/org/nrg/xapi/config/WebConfig.java b/src/main/java/org/nrg/xapi/configuration/WebConfig.java
similarity index 98%
rename from src/main/java/org/nrg/xapi/config/WebConfig.java
rename to src/main/java/org/nrg/xapi/configuration/WebConfig.java
index 721d2e38d77b530f97b94b38c8919bb69ca01c46..47e3cd4b0b6ade80061e53d0dd4b9e628447effc 100644
--- a/src/main/java/org/nrg/xapi/config/WebConfig.java
+++ b/src/main/java/org/nrg/xapi/configuration/WebConfig.java
@@ -1,4 +1,4 @@
-package org.nrg.xapi.config;
+package org.nrg.xapi.configuration;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
diff --git a/src/main/java/org/nrg/xnat/configuration/RootConfig.java b/src/main/java/org/nrg/xnat/configuration/RootConfig.java
index b60eea21206f0601fe11299a715b9cca97056b1f..7307d849637bd661361a856e6af23d860676b8bd 100644
--- a/src/main/java/org/nrg/xnat/configuration/RootConfig.java
+++ b/src/main/java/org/nrg/xnat/configuration/RootConfig.java
@@ -23,8 +23,7 @@ import java.util.List;
 "org.nrg.xdat.daos",
 "org.nrg.xdat.services",
 "org.nrg.xft.daos",
- "org.nrg.xft.services",
- "org.nrg.xapi.config",
+ "org.nrg.xft.services", "org.nrg.xapi.configuration",
 "org.nrg.xnat.helpers.merge",
 "org.nrg.xnat.services",
 "org.nrg.prefs.repositories",
diff --git a/src/main/java/org/nrg/xnat/security/XnatAuthenticationFilter.java b/src/main/java/org/nrg/xnat/security/XnatAuthenticationFilter.java
index d05baf5106aa9082a5c1dbe1a4fd218873b3b3b8..b1d2a3a991dff3fb3e470ebcc66955be91d2e086 100644
--- a/src/main/java/org/nrg/xnat/security/XnatAuthenticationFilter.java
+++ b/src/main/java/org/nrg/xnat/security/XnatAuthenticationFilter.java
@@ -38,8 +38,8 @@ public class XnatAuthenticationFilter extends UsernamePasswordAuthenticationFilt
 @Override
 public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
- String username = request.getParameter("j_username");
- String password = request.getParameter("j_password");
+ String username = StringUtils.isNotBlank(request.getParameter("username")) ? request.getParameter("username") : request.getParameter("j_username");
+ String password = StringUtils.isNotBlank(request.getParameter("password")) ? request.getParameter("password") : request.getParameter("j_password");
 // If we didn't find a username
 if (StringUtils.isBlank(username)) {
diff --git a/src/main/webapp/WEB-INF/conf/xnat-security.xml b/src/main/webapp/WEB-INF/conf/xnat-security.xml
index f41031e5f4d5db11876f852f48fd597139f86ecd..538b37611cae423532e8d3b7f8cfc4f840832df7 100644
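Review bot: The two added lines in `attemptAuthentication` resolve each credential independently, so one request can pair `username` with `j_password` (or the reverse), each parameter is read twice, and nothing records that the `j_*` names are kept only for older clients. If the imported `StringUtils` is Commons Lang 2.6 or later, the precedence can be stated once per field, `String username = StringUtils.defaultIfBlank(request.getParameter("username"), request.getParameter("j_username"));`, with a comment such as `// j_* names are accepted only for clients written against the old login form`. `request.getParameter` also returns query-string values, and whether this filter restricts login to POST is not visible here, so confirm that credentials sent in a URL are rejected rather than ending up in access logs. The method body continues outside the hunk.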
--- a/src/main/webapp/WEB-INF/conf/xnat-security.xml
+++ b/src/main/webapp/WEB-INF/conf/xnat-security.xml
@@ -78,6 +78,7 @@
 <bean id="xnatLogoutHandler" class="org.nrg.xnat.security.XnatLogoutHandler"/>
 <security:http auto-config="false" use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint">
+ <security:csrf disabled="true"/>
 <security:custom-filter position="CHANNEL_FILTER" ref="channelProcessingFilter"/>
 <security:custom-filter before="FORM_LOGIN_FILTER" ref="customAuthenticationFilter"/>
 <security:custom-filter after="BASIC_AUTH_FILTER" ref="customBasicAuthenticationFilter"/>
@@ -223,7 +224,7 @@
 <value>/app/template/XDATScreen_UpdateUser.vm</value>
 <value>/app/action/ModifyPassword</value>
 <value>/app/template/Login.vm</value>
- <value>/j_spring_security_check</value>
+ <value>/login</value>
 </list>
 </property>
 </bean>
diff --git a/src/main/webapp/xdat-templates/screens/Login.vm b/src/main/webapp/xdat-templates/screens/Login.vm
index d90eddc7043203887407d71661b0b972bc18ec9e..278fb5ff36510253ef05ed247480f66606012496 100644
--- a/src/main/webapp/xdat-templates/screens/Login.vm
+++ b/src/main/webapp/xdat-templates/screens/Login.vm
@@ -5,7 +5,7 @@ $page.addAttribute("onLoad", "document.getElementById('username').focus();")
 <div valign="top">
 <br>
 <br>
- <form name="form1" method="post" action="$content.getURI("/j_spring_security_check")">
+ <form name="form1" method="post" action="$content.getURI("/login")">
 <table valign="top" align="center">
 #if ( $data.getMessage() && $data.getMessage()!="" )
 <tr><td colspan="2"><div class="error">$data.getMessage()</div><br><br>
diff --git a/src/main/webapp/xnat-templates/screens/Login.vm b/src/main/webapp/xnat-templates/screens/Login.vm
index a226b370807ce7b8907db6ea7e93ebb4f3f078f6..e741ef93a10170325ea046cab38c7cb0793df72d 100644
--- a/src/main/webapp/xnat-templates/screens/Login.vm
+++ b/src/main/webapp/xnat-templates/screens/Login.vm
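Review bot: The added `<security:csrf disabled="true"/>` turns off CSRF token checking for every request handled by this `<security:http>` block, not only the login POST, and nothing in the file says why or for how long. If this is a stop-gap to keep existing forms working, say so next to the element, e.g. `<!-- CSRF protection disabled only until all forms submit a token; tracked in ISSUE-ID (placeholder) -->`, and plan to re-enable it. The login forms changed in Login.vm and login_box.vm post to `/login` without a token field, so each would need a hidden token input before the protection can be switched back on. Whether the application enforces its own CSRF check elsewhere is not visible in this diff.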
@@ -67,7 +67,7 @@ $page.setTitle("$siteId - Please Login")
 </div>
 <hr style="margin: 2em 0" />
 <div id="login_box">
- <form name="form1" method="post" action="$content.getURI("/j_spring_security_check")" class="friendlyForm" id="login_form">
+ <form name="form1" method="post" action="$content.getURI("/login")" class="friendlyForm" id="login_form">
 #if($login_methods && $login_methods.size() == 0)
 <input type="hidden" id="login_method" name="login_method" value="Database">
 #elseif($login_methods && $login_methods.size() > 1)
@@ -79,10 +79,10 @@ $page.setTitle("$siteId - Please Login")
 </select>
 #end
 <p><label for="username">User</label>
- <input type="text" id="username" name="j_username"></p>
+ <input type="text" id="username" name="username"></p>
 <p><label for="password">Password</label>
- <input type="password" name="j_password" autocomplete="off"></p>
+ <input type="password" name="password" autocomplete="off"></p>
 <p class="form-submit">
 <span id="register_forgot">
@@ -142,7 +142,7 @@ $page.setTitle("$siteId - Please Login")
 </div>
 #end
- <form name="form1" method="post" action="$content.getURI("/j_spring_security_check")" class="friendlyForm" id="login_form">
+ <form name="form1" method="post" action="$content.getURI("/login")" class="friendlyForm" id="login_form">
 #if($login_methods && $login_methods.size() == 0)
 <input type="hidden" id="login_method" name="login_method" value="Database">
 #elseif($login_methods && $login_methods.size() > 1)
@@ -154,10 +154,10 @@ $page.setTitle("$siteId - Please Login")
 </select>
 #end
 <p><label for="username">User</label>
- <input type="text" id="username" name="j_username"></p>
+ <input type="text" id="username" name="username"></p>
 <p><label for="password">Password</label>
- <input type="password" name="j_password" autocomplete="off"></p>
+ <input type="password" name="password" autocomplete="off"></p>
 <p class="form-submit">
 <span id="register_forgot">
diff --git a/src/main/webapp/xnat-templates/screens/login_box.vm b/src/main/webapp/xnat-templates/screens/login_box.vm
index cb948c604e0a0d6e2825fc7c129dd87840e2e137..7c040abf84c41d8cd598070cc88909c60298fe20 100644
--- a/src/main/webapp/xnat-templates/screens/login_box.vm
+++ b/src/main/webapp/xnat-templates/screens/login_box.vm
@@ -1,5 +1,5 @@
 #* @vtlvariable name="login_methods" type="java.util.List" *#
-<form name="form1" method="post" action="$content.getURI('')/j_spring_security_check">
+<form name="form1" method="post" action="$content.getURI('')/login">
 #set($showLoginMethodRow = true)
 #if(!($login_methods) || $login_methods.size() == 1)
 <input type="hidden" id="login_method" name="login_method" value="$login_methods.get(0)"/>
@@ -21,11 +21,11 @@
 #end
 <tr>
 #formLabel("User")
- <td><input type="text" id="username" name="j_username"></td>
+ <td><input type="text" id="username" name="username"></td>
 </tr>
 <tr>
 #formLabel("Password")
- <td><input type="password" name="j_password" autocomplete="off"></td>
+ <td><input type="password" name="password" autocomplete="off"></td>
 </tr>
 <tr>
 <td></td>