Now Spring Security can be used within your queries. For example:
@Repository public interface MessageRepository extends PagingAndSortingRepository<Message,Long> { @Query("select m from Message m where m.to.id = ?#{ principal?.id }") Page<Message> findInbox(Pageable pageable); }
This checks to see if the Authentication.getPrincipal().getId() is equal to the recipient of the Message.
Note that this example assumes you have customized the principal to be an Object that has an id property.
By exposing the SecurityEvaluationContextExtension bean, all of the Common Security Expressions are available within the Query.