For this particular case I would use static query with params where params are set from java
WHERE
...
and (:userNameParam is null or staffname like concat('%',:staffnameParam,'%'))
and (:userNameParam is null or username like concat('%',:userNameParam ,'%'))
...
Then just pass parameters userNameParam, userNameParam etc. If they are null or empty just pass null.
Your way leaves possibility for SQL injection