From d2b2ca3bc6982611b1d8feaaf684e6c82cace1ba Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Fri, 19 Feb 2010 01:02:22 +0000
Subject: [PATCH] SEC-1387: Use a transient object as the advice monitor, rather than a Serializable. No need for an anonymous inner class.
---
 .../aopalliance/MethodSecurityMetadataSourceAdvisor.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
index b98c560aae..819340dba5 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
@@ -58,7 +58,7 @@ public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor
 private BeanFactory beanFactory;
 private String adviceBeanName;
 private String metadataSourceBeanName;
- private final Serializable adviceMonitor = new Serializable() {};
+ private transient volatile Object adviceMonitor = new Object();
 //~ Constructors ===================================================================================================
@@ -117,7 +117,7 @@ public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor
 private void readObject(ObjectInputStream ois) throws IOException, ClassNotFoundException {
 ois.defaultReadObject();
-
+ adviceMonitor = new Object();
 attributeSource = beanFactory.getBean(metadataSourceBeanName, MethodSecurityMetadataSource.class);
 }
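Review bot: The rewritten `adviceMonitor` field is now a non-final lock object, and the declaration carries no comment explaining why, which invites either a later "make it final" cleanup or a second assignment somewhere else. A comment above the field would pin the intent, for example `// Monitor object. Not final because it is transient and has to be recreated in readObject(); must not be reassigned anywhere else.` The code that synchronizes on the field is outside this hunk, so this assumes it is used as a monitor, as the commit subject says. If it is, any reassignment while the object is in use would let two threads hold different monitors. The class body starts before and continues after the hunk.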
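Review bot: readObject() dereferences `beanFactory` and hands `metadataSourceBeanName` to `getBean` directly after `defaultReadObject()` without checking either value. A stream in which `beanFactory` is null therefore fails with a NullPointerException instead of a serialization error, and the bean that becomes `attributeSource` is selected by a name read from the stream. A guard before the lookup would make the failure explicit: `if (beanFactory == null || metadataSourceBeanName == null) throw new InvalidObjectException("beanFactory and metadataSourceBeanName are required");`. Whatever checks the constructors apply are outside this hunk, but readObject acts as a constructor as well and should enforce the same invariants.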