This gist demonstrates the PoC for the upcoming support for dynamic binding of SpEL expression in string based and derived queries.

Application.java

package demo;

import java.util.List;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.jpa.repository.support.ExpressionEvaluationContextProvider;
import org.springframework.expression.spel.support.StandardEvaluationContext;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

@Configuration
@ComponentScan
@EnableAutoConfiguration
public class Application {

	public static Authentication getCurrentAuthentication() {
		return SecurityContextHolder.getContext().getAuthentication();
	}

	@Bean
	public StandardEvaluationContext rootEvaluationContext() {

		StandardEvaluationContext ctx = new StandardEvaluationContext();

		try {
			ctx.registerFunction("currentAuth", Application.class.getMethod("getCurrentAuthentication"));
		} catch (Exception e) {
			e.printStackTrace();
		}

		return ctx;
	}

	@Bean
	public ExpressionEvaluationContextProvider expressionEvaluationContextProvider(final StandardEvaluationContext ctxt) {
		return new ExpressionEvaluationContextProvider() {
			@Override
			public StandardEvaluationContext getEvaluationContext() {
				System.out.println("getEvaluationContext");
				return ctxt;
			}
		};
	}

	public static void main(String[] args) {

		SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("Jack", "xxx"));

		ConfigurableApplicationContext context = SpringApplication.run(Application.class);
		CustomerRepository repository = context.getBean(CustomerRepository.class);

		// save a couple of customers
		repository.save(new Customer("Jack", "Bauer"));
		repository.save(new Customer("Chloe", "O'Brian"));
		repository.save(new Customer("Kim", "Bauer"));
		repository.save(new Customer("David", "Palmer"));
		repository.save(new Customer("Michelle", "Dessler"));

		List<Customer> customers = repository.findViaQuery("Jack", "Bauer");
		for (Customer customer : customers) {
			System.out.println(customer);
		}

		context.close();
	}
}

Customer.java

package demo;

import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;

@Entity
public class Customer {

	@Id @GeneratedValue(strategy = GenerationType.AUTO) private long id;
	private String firstname;
	private String lastname;
	private String attribute1;
	private String attribute2;
	private String attribute3;

	protected Customer() {}

	public Customer(String firstname, String lastname) {
		this.firstname = firstname;
		this.lastname = lastname;
		this.attribute1 = firstname + " " + lastname;
	}

	public String getFirstname() {
		return firstname;
	}

	public void setFirstname(String firstname) {
		this.firstname = firstname;
	}

	public String getLastname() {
		return lastname;
	}

	public void setLastname(String lastname) {
		this.lastname = lastname;
	}

	public long getId() {
		return id;
	}

	public void setId(long id) {
		this.id = id;
	}

	public String getAttribute1() {
		return attribute1;
	}

	public void setAttribute1(String attribute1) {
		this.attribute1 = attribute1;
	}

	public String getAttribute2() {
		return attribute2;
	}

	public void setAttribute2(String attribute2) {
		this.attribute2 = attribute2;
	}

	public String getAttribute3() {
		return attribute3;
	}

	public void setAttribute3(String attribute3) {
		this.attribute3 = attribute3;
	}

	/* (non-Javadoc)
	 * @see java.lang.Object#toString()
	 */
	@Override
	public String toString() {
		return "Customer [id=" + id + ", firstname=" + firstname + ", lastname=" + lastname + ", attribute1=" + attribute1
				+ ", attribute2=" + attribute2 + ", attribute3=" + attribute3 + "]";
	}

}

CustomerRepository.java

package demo;

import java.util.List;

import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.CrudRepository;

public interface CustomerRepository extends CrudRepository<Customer, Long> {

	List<Customer> findByLastname(String lastname);

	@Query("select c from Customer c where c.firstname = ?1 and c.attribute1 like ?#{ #currentAuth().getName() + ' ' + [1]} and c.lastname = ?2")
	List<Customer> findViaQuery(String firstname, String lastname);

}

currentAuth().getName() uses a globally registered custom function to access the current authentication from the SecurityContextHolder.

We can also access method arguments, [1] is used to access the second parameter (lastname).