How to use Hibernate’s @Filter annotation in @ManyToOne field

I’ve an entity like this:

@FilterDef(name = "customerFilter", parameters = @ParamDef(name = "principalSid", type = "string"))
@Filter(name = "customerFilter", condition = "contact.sid=:principalSid")
public class Document extends AbstractEntity {

    @Column(nullable = false, columnDefinition = "DATE")
    private Instant date;

    @Column(nullable = false, columnDefinition = "BIT DEFAULT 0")
    private boolean electronic = false;

    @JsonDeserialize(using = ContactUriDeserializer.class)
    @ManyToOne(fetch = FetchType.LAZY)
    private Contact contact;

Unfortunately, when I enable the filter “customerFilter” I get an exception:

3/06/2020 19:17:54,109  WARN http-nio-8082-exec-5 SqlExceptionHelper:137 - SQL Error: 1054, SQLState: 42S22
03/06/2020 19:17:54,109 ERROR http-nio-8082-exec-5 SqlExceptionHelper:142 - Unknown column 'contact.sid' in 'where clause'
03/06/2020 19:17:54,221 ERROR http-nio-8082-exec-5 [dispatcherServlet]:175 - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is org.springframework.dao.InvalidDataAccessResourceUsageException: could not extract ResultSet; SQL [n/a]; nested exception is org.hibernate.exception.SQLGrammarException: could not extract ResultSet] with root cause
java.sql.SQLSyntaxErrorException: Unknown column 'contact.sid' in 'where clause'
	at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException( ~[mysql-connector-java-8.0.20.jar:8.0.20]
	at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException( ~[mysql-connector-java-8.0.20.jar:8.0.20]
	at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException( ~[mysql-connector-java-8.0.20.jar:8.0.20]
	at com.mysql.cj.jdbc.ClientPreparedStatement.executeInternal( ~[mysql-connector-java-8.0.20.jar:8.0.20]
	at com.mysql.cj.jdbc.ClientPreparedStatement.executeQuery( ~[mysql-connector-java-8.0.20.jar:8.0.20]
	at com.zaxxer.hikari.pool.ProxyPreparedStatement.executeQuery( ~[HikariCP-3.4.5.jar:?]

I know of this topic, but I’m wondering if there is another way to accomplish this task.
I’d like to avoid to modify the query because this check it’s a security check and I do not want that a coding mistake expose the application to security holes.
With a filter I’m sure this check is always made, despite whats the developer does.