Streamline hawkBit logout behaviour (OIDC vs. Credentials) (#945)

* remove logout success handler bean in oidc configuration

Signed-off-by: Natalia Kislicyn <natalia.kislicyn@bosch.io>

* changed logoutSuccessHandler for oidc configuration

Signed-off-by: Natalia Kislicyn <natalia.kislicyn@bosch.io>

* set target url parameter to "/" instead of null

Signed-off-by: Natalia Kislicyn <natalia.kislicyn@bosch.io>

hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/OidcUserManagementAutoConfiguration.java

@@ -93,9 +93,7 @@ public class OidcUserManagementAutoConfiguration {
      */
     @Bean
     public LogoutSuccessHandler oidcLogoutSuccessHandler() {
-        SimpleUrlLogoutSuccessHandler logoutSuccessHandler = new SimpleUrlLogoutSuccessHandler();
-        logoutSuccessHandler.setDefaultTargetUrl("/");
-        return logoutSuccessHandler;
+        return new OidcLogoutSuccessHandler();
     }
 
     /**
@@ -226,6 +224,24 @@ class OidcLogoutHandler extends SecurityContextLogoutHandler {
     }
 }
 
+/**
+ * LogoutSuccessHandler that decides where to redirect to after logout, depending on
+ * the previously used auth mechanism
+ */
+class OidcLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
+
+    @Override
+    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
+            throws IOException, ServletException {
+        if (authentication instanceof OAuth2AuthenticationToken) {
+            this.setTargetUrlParameter("/");
+        } else {
+            this.setTargetUrlParameter("login");
+        }
+        super.onLogoutSuccess(request, response, authentication);
+    }
+}
+
 /**
  * Utility class to extract authorities out of the jwt. It interprets the user's
  * role as their authorities.