The way I have resolved this with similar situations is to to use a servlet filter to grab the parameters. I would recommend extending the org.springframework.web.filter.GenericFilterBean.

From these parameters, create an auth object of some sort (such as a token), that can be passed into the AuthenticationManager which you can autowire in (or get in some other method).

You will then need to have an AuthenticationProvider that can handle your auth object and generate a UserDetails object with the GrantedAuthority collection you need to satisfy the specific roles you want the user to have.

I already solved the problem. For those who are interested ....

web.xml

<!-- ===== SPRING CONFIG ===== -->
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<listener>
    <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/applicationContext.xml
        /WEB-INF/applicationContext-security.xml
    </param-value>
</context-param>

applicationContext.xml

<context:component-scan base-package="at.beko.rainstar2" />

<tx:annotation-driven transaction-manager="transactionManager" />

applicationContext-security.xml

<!-- Configuring security not finished!! -->
<http create-session="never" use-expressions="true" auto-config="false"
    entry-point-ref="preAuthenticatedProcessingFilterEntryPoint">
    <intercept-url pattern="/authError.xhtml" access="permitAll" />
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
    <custom-filter position="PRE_AUTH_FILTER" ref="preAuthFilter" />
    <session-management session-fixation-protection="none" />
</http>

<beans:bean id="userDetailsServiceImpl"
    class="at.beko.rainstar2.service.impl.UserDetailsServiceImpl" />

<beans:bean id="preAuthenticatedProcessingFilterEntryPoint"
    class="at.beko.rainstar2.model.LinkForbiddenEntryPoint" />

<beans:bean id="preAuthenticationProvider"
    class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
    <beans:property name="preAuthenticatedUserDetailsService"
        ref="userDetailsServiceImpl" />
</beans:bean>

<beans:bean id="preAuthFilter"
    class="at.beko.rainstar2.service.filter.UrlParametersAuthenticationFilter">
    <beans:property name="authenticationManager" ref="appControlAuthenticationManager" />
</beans:bean>

<authentication-manager alias="appControlAuthenticationManager">
    <authentication-provider ref="preAuthenticationProvider" />
</authentication-manager>

LinkForbiddenEntryPoint.java

public class LinkForbiddenEntryPoint implements AuthenticationEntryPoint {

@Override
public void commence(HttpServletRequest request,
        HttpServletResponse response, AuthenticationException authException)
        throws IOException, ServletException {
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    httpResponse.sendRedirect("/rainstar2-webapp/authError.xhtml");
}

}

UrlParametersAuthenticationFilter.java

public class UrlParametersAuthenticationFilter extends
    AbstractPreAuthenticatedProcessingFilter {

@Override
protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
    if (request.getParameterMap().size() == 2) {
        return true;
    }
    return false;
}

@Override
protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
    String[] credentials = new String[2];
    credentials[0] = request.getParameter("param1");
    credentials[1] = request.getParameter("param2");
    return credentials;
}

}

UserDetailsServiceImpl.java

@SuppressWarnings("deprecation")
public class UserDetailsServiceImpl implements
    AuthenticationUserDetailsService<Authentication> {

@Override
public UserDetails loadUserDetails(Authentication token)
        throws UsernameNotFoundException {
    UserDetails userDetails = null;

            String[] credentials = (String[]) token.getPrincipal();
    boolean principal = Boolean.valueOf(token.getCredentials().toString());

    if (credentials != null && principal == true) {
        String name = credentials[0];
        if ("admin".equalsIgnoreCase(name)) {
            userDetails = getAdminUser(name);
        } else if ("händler".equalsIgnoreCase(name)) {
            userDetails = getRetailerUser(name);
        } else if ("user".equalsIgnoreCase(name)) {
            userDetails = getUserUser(name);
        }
    }

    if (userDetails == null) {
        throw new UsernameNotFoundException("Could not load user : "
                + token.getName());
    }

    return userDetails;
}

private UserDetails getAdminUser(String username) {
    Collection<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
    grantedAuthorities.add(new GrantedAuthorityImpl("ROLE_USER"));
    grantedAuthorities.add(new GrantedAuthorityImpl("ROLE_RETAILER"));
    grantedAuthorities.add(new GrantedAuthorityImpl("ROLE_ADMIN"));
    return new User(username, "notused", true, true, true, true,
            grantedAuthorities);
}

private UserDetails getRetailerUser(String username) {
    Collection<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
    grantedAuthorities.add(new GrantedAuthorityImpl("ROLE_USER"));
    grantedAuthorities.add(new GrantedAuthorityImpl("ROLE_RETAILER"));
    return new User(username, "notused", true, true, true, true,
            grantedAuthorities);
}

private UserDetails getUserUser(String username) {
    Collection<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
    grantedAuthorities.add(new GrantedAuthorityImpl("ROLE_USER"));
    return new User(username, "notused", true, true, true, true,
            grantedAuthorities);
}

}