You can create your own version of an AuthenticatingFilter (extend it) and check for ip address. If you use the standard username/password authentication, you will get an instance of UsernamePasswordToken which will contain the host (ip address). You can use that to create you own custom authentication logic.
As for country, you can extend the method above with a country lookup service like this: http://freegeoip.net/