Yes. That's possible.
You have to write a customized authentication-provider, in which you may take parameters you like to do the authentication.
As an example, you may have something like this:
public class MyUserDetailsService implements UserDetailsService{
@Override
public UserDetails loadUserByUsername(String username){
//You have to override this method to have your desired action
//If those criteria are not satisfied you may return null
//Otherwise have an UserDetails filled and returned
org.springframework.security.core.userdetails.User userDetails = new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), user.getIsActive(), true, true, true, getAuthorities(user));
return userDetails
}
And in your bean configuration, use your own authentication-provider like this:
<sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider user-service-ref="myUserDetailsService"/>
</sec:authentication-manager>