diff --git c/core/modules/system/lib/Drupal/system/Controller/ThemeController.php w/core/modules/system/lib/Drupal/system/Controller/ThemeController.php
index d46e4cf..39749e8 100644
--- c/core/modules/system/lib/Drupal/system/Controller/ThemeController.php
+++ w/core/modules/system/lib/Drupal/system/Controller/ThemeController.php
@@ -8,42 +8,16 @@
 namespace Drupal\system\Controller;
 
 use Drupal\Core\Config\Config;
-use Drupal\Core\DependencyInjection\ContainerInjectionInterface;
-use Symfony\Component\DependencyInjection\ContainerInterface;
-use Symfony\Component\HttpFoundation\RedirectResponse;
+use Drupal\Core\Controller\ControllerBase;
+use Drupal\Core\Access\CsrfTokenGenerator;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
+use Symfony\Component\HttpFoundation\RedirectResponse;
 
 /**
  * Controller for theme handling.
  */
-class ThemeController implements ContainerInjectionInterface {
-
-  /**
-   * The system.theme config object.
-   *
-   * @var \Drupal\Core\Config\Config
-   */
-  protected $config;
-
-  /**
-   * Constructs a ThemeController object.
-   *
-   * @param \Drupal\Core\Config\Config $config
-   *   The config.
-   */
-  public function __construct(Config $config) {
-    $this->config = $config;
-  }
-
-  /**
-   * {@inheritdoc}
-   */
-  public static function create(ContainerInterface $container) {
-    return new static(
-      $container->get('config.factory')->get('system.theme')
-    );
-  }
+class ThemeController extends ControllerBase {
 
   /**
    * Disables a theme.
@@ -61,27 +35,29 @@ public static function create(ContainerInterface $container) {
   public function disable(Request $request) {
     $theme = $request->get('theme');
     $token = $request->get('token');
+    $config = $this->config('system.theme');
 
-    if (isset($theme) && isset($token) && drupal_valid_token($token, 'system-theme-operation-link')) {
+    if (isset($theme) && isset($token) && $this->getTokenGenerator()->validate($token, 'system-theme-operation-link')) {
       // Get current list of themes.
       $themes = list_themes();
 
       // Check if the specified theme is one recognized by the system.
       if (!empty($themes[$theme])) {
         // Do not disable the default or admin theme.
-        if ($theme === $this->config->get('default') || $theme === $this->config->get('admin')) {
-          drupal_set_message(t('%theme is the default theme and cannot be disabled.', array('%theme' => $themes[$theme]->info['name'])), 'error');
+        if ($theme === $config->get('default') || $theme === $config->get('admin')) {
+          drupal_set_message($this->t('%theme is the default theme and cannot be disabled.', array('%theme' => $themes[$theme]->info['name'])), 'error');
         }
         else {
           theme_disable(array($theme));
-          drupal_set_message(t('The %theme theme has been disabled.', array('%theme' => $themes[$theme]->info['name'])));
+          drupal_set_message($this->t('The %theme theme has been disabled.', array('%theme' => $themes[$theme]->info['name'])));
         }
       }
       else {
-        drupal_set_message(t('The %theme theme was not found.', array('%theme' => $theme)), 'error');
+        drupal_set_message($this->t('The %theme theme was not found.', array('%theme' => $theme)), 'error');
       }
 
-      return new RedirectResponse(url('admin/appearance', array('absolute' => TRUE)));
+      // @todo switch to $this->redirect when admin/appearance converted.
+      return new RedirectResponse($this->urlGenerator()->generateFromPath('admin/appearance', array('absolute' => TRUE)));
     }
 
     throw new AccessDeniedHttpException();
@@ -104,23 +80,99 @@ public function enable(Request $request) {
     $theme = $request->get('theme');
     $token = $request->get('token');
 
-    if (isset($theme) && isset($token) && drupal_valid_token($token, 'system-theme-operation-link')) {
+    if (isset($theme) && isset($token) && $this->getTokenGenerator()->validate($token, 'system-theme-operation-link')) {
       // Get current list of themes.
       $themes = list_themes(TRUE);
 
       // Check if the specified theme is one recognized by the system.
       if (!empty($themes[$theme])) {
         theme_enable(array($theme));
-        drupal_set_message(t('The %theme theme has been enabled.', array('%theme' => $themes[$theme]->info['name'])));
+        drupal_set_message($this->t('The %theme theme has been enabled.', array('%theme' => $themes[$theme]->info['name'])));
       }
       else {
-        drupal_set_message(t('The %theme theme was not found.', array('%theme' => $theme)), 'error');
+        drupal_set_message($this->t('The %theme theme was not found.', array('%theme' => $theme)), 'error');
       }
 
-      return new RedirectResponse(url('admin/appearance', array('absolute' => TRUE)));
+      // @todo switch to $this->redirect when admin/appearance converted.
+      return new RedirectResponse($this->urlGenerator()->generateFromPath('admin/appearance', array('absolute' => TRUE)));
     }
 
     throw new AccessDeniedHttpException();
   }
 
+  /**
+   * Set the default theme.
+   *
+   * @param \Symfony\Component\HttpFoundation\Request $request
+   *   A request object containing a theme name and a valid token.
+   *
+   * @return \Symfony\Component\HttpFoundation\RedirectResponse
+   *   Redirects back to the appearance admin page.
+   *
+   * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
+   *   Throws access denied when no theme or token is set in the request or when
+   *   the token is invalid.
+   */
+  public function defaultTheme(Request $request) {
+    $config = $this->config('system.theme');
+
+    $theme = $request->query->get('theme');
+    $token = $request->query->get('token');
+    if (isset($theme) && isset($token) && $this->getTokenGenerator()->validate($token, 'system-theme-operation-link')) {
+      // Get current list of themes.
+      $themes = list_themes();
+
+      // Check if the specified theme is one recognized by the system.
+      if (!empty($themes[$theme])) {
+        // Enable the theme if it is currently disabled.
+        if (empty($themes[$theme]->status)) {
+          theme_enable(array($theme));
+        }
+
+        // Set the default theme.
+        $config->set('default', $theme)->save();
+
+        // Rebuild the menu. This duplicates the menu_router_rebuild() in
+        // theme_enable(). However, modules must know the current default theme in
+        // order to use this information in hook_menu() or hook_menu_alter()
+        // implementations, and doing the variable_set() before the theme_enable()
+        // could result in a race condition where the theme is default but not
+        // enabled.
+        menu_router_rebuild();
+
+        // The status message depends on whether an admin theme is currently in use:
+        // a value of 0 means the admin theme is set to be the default theme.
+        $admin_theme = $config->get('admin');
+        if ($admin_theme != 0 && $admin_theme != $theme) {
+          drupal_set_message($this->t('Please note that the administration theme is still set to the %admin_theme theme; consequently, the theme on this page remains unchanged. All non-administrative sections of the site, however, will show the selected %selected_theme theme by default.', array(
+            '%admin_theme' => $themes[$admin_theme]->info['name'],
+            '%selected_theme' => $themes[$theme]->info['name'],
+          )));
+        }
+        else {
+          drupal_set_message($this->t('%theme is now the default theme.', array('%theme' => $themes[$theme]->info['name'])));
+        }
+      }
+      else {
+        drupal_set_message($this->t('The %theme theme was not found.', array('%theme' => $theme)), 'error');
+      }
+      // @todo switch to $this->redirect when admin/appearance converted.
+      return new RedirectResponse($this->urlGenerator()->generateFromPath('admin/appearance', array('absolute' => TRUE)));
+    }
+    throw new AccessDeniedHttpException();
+  }
+
+  /**
+   * Gets Token Generator Service.
+   *
+   * @return \Drupal\Core\Access\CsrfTokenGenerator
+   **/
+  public function getTokenGenerator()
+  {
+    if (empty($this->tokenGenerator)) {
+      $this->tokenGenerator = $this->container->get('csrf_token');
+    }
+    return $this->tokenGenerator;
+  }
+
 }
diff --git c/core/modules/system/system.module w/core/modules/system/system.module
index dfda891..9a49670 100644
--- c/core/modules/system/system.module
+++ w/core/modules/system/system.module
@@ -661,13 +661,6 @@ function system_menu() {
     'type' => MENU_DEFAULT_LOCAL_TASK,
     'file' => 'system.admin.inc',
   );
-  $items['admin/appearance/default'] = array(
-    'title' => 'Set default theme',
-    'page callback' => 'system_theme_default',
-    'access arguments' => array('administer themes'),
-    'type' => MENU_CALLBACK,
-    'file' => 'system.admin.inc',
-  );
   $items['admin/appearance/settings'] = array(
     'title' => 'Settings',
     'description' => 'Configure default and theme specific settings.',
diff --git c/core/modules/system/system.routing.yml w/core/modules/system/system.routing.yml
index a3bf62b..cd6c2d6 100644
--- c/core/modules/system/system.routing.yml
+++ w/core/modules/system/system.routing.yml
@@ -313,6 +313,14 @@ system_modules_uninstall_confirm:
   requirements:
     _permission: 'administer modules'
 
+system_theme_default:
+  pattern: '/admin/appearance/default'
+  defaults:
+    _controller: 'Drupal\system\Controller\ThemeController::defaultTheme'
+    _title: 'Set default theme'
+  requirements:
+    _permission: 'administer themes'
+
 system_timezone:
   pattern: '/system/timezone'
   defaults: