Yes, you can add a @PostFilter
to any method provided by a Spring Data Repository. Just override existing method findAll() and add your @PostFilter
annotation as depicted in your example. Don't forget to add to your configuration where your repositories are defined
<global-method-security pre-post-annotations="enabled" />
or in a java based configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
respectively. Keep in mind. This works just for collections and arrays. For every other return type like Page you get an IllegalArgumentException. See DefaultMethodSecurityExpressionHandler#filter for implementation details.