
SEC-1387: Use a transient object as the advice monitor, rather than a Serializable.

No need for an anonymous inner class.
Luke Taylor 15 年之前
当前提交
d2b2ca3bc6

+ 2 - 2
core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java

@@ -58,7 +58,7 @@ public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor
     private BeanFactory beanFactory;
     private String adviceBeanName;
     private String metadataSourceBeanName;
-    private final Serializable adviceMonitor = new Serializable() {};
+    private transient volatile Object adviceMonitor = new Object();
 
     //~ Constructors ===================================================================================================
 
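Review bot: `adviceMonitor` loses `final` in this declaration, so nothing stops a later change from reassigning the object that, judging by its name and the commit title, serves as a lock; threads synchronizing on different instances would no longer exclude each other. A comment on the field would record the invariant, for example `// Lock object: transient, so it is recreated only in readObject() and must never be reassigned elsewhere`. The uses of the monitor lie outside this hunk, so its role as a lock is inferred rather than visible here.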
@@ -117,7 +117,7 @@ public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor
 
     private void readObject(ObjectInputStream ois) throws IOException, ClassNotFoundException {
         ois.defaultReadObject();
-
+        adviceMonitor = new Object();
         attributeSource = beanFactory.getBean(metadataSourceBeanName, MethodSecurityMetadataSource.class);
     }
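Review bot: readObject() calls `beanFactory.getBean(metadataSourceBeanName, ...)` on fields that `defaultReadObject()` has just restored from the stream, without checking them, so a stream that lacks either value fails with a NullPointerException instead of a deserialization error. A guard before the lookup, such as `if (beanFactory == null || metadataSourceBeanName == null) throw new InvalidObjectException("missing bean factory or metadata source bean name");`, fits the existing `throws IOException` clause and makes the failure explicit. The added `adviceMonitor = new Object();` is needed because field initializers do not run during deserialization; a one-line comment saying so, `// transient field: initializer is skipped on deserialization`, would keep it from being removed as redundant.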