The problem is that when the filter config is cloned in order to be displayed for editing, the mapperParameters are resolved (i.e. ${...} placeholders are converted into their real values). This real value is then saved to the XML file, instead of the unresolved placeholders.
The solution identified exactly where the filter configs are created for editing purposes, and only this instance of loadFilterConfig is modified to not resolve placeholders, leaving all other instances to resolve, as before.
This means that the edit box displays the unresolved placeholders, as expected, which is consistent with other edit boxes that typically contain ENV parameter placeholders, e.g. Data store JDBC connection strings, Global proxy base URL, etc.
can be used in other places, correctly e.g. Global Settings:
saved in global.xml thus:
However, the Authkey extension https://docs.geoserver.org/latest/en/user/extensions/authkey/index.html does not work perfectly. The admin is able to enter the parameterised URL correctly:
saved in data/security/filter/AuthKey Filter/config.xml correctly:
However, when the GUI loads it again, the substituted parameter is visible (this is the bug):
and when saved, the config.xml file is exactly this substituted string, not the parameterised version: