I never used Spring Security so I’m only guessing here. But perhaps you could simply replace the <h:inputText> with corresponding plain HTML <input type="text"> elements. This way you can choose any ID you want and because the values aren’t processed by the JSF backing bean, you won’t run into any problems. The only thing you loose is validation. But this may be OK.
Just my 2 cents.
Do you play Magic?
Get TopDecked MTG, the #1 Magic App, built by players, for players. Free to use, forever.