Taken from The Server Side


We use it for asynchronous event handling, undo management (on the client), replication, transactions, security, caching, parameter validation, the entire object model (in a way that would be more or less impossible to do without AOP), versioning of state, automatic persistence, locking, last modified timestamps, business rules, client/server synchronization, and lots lots more.

Some specific projects/products for the ideas you mentioned implemented using AOP:
Audit trail: see: http://nearinfinity.com/products.html
Monitoring: http://www.glassbox.com/glassbox/Downloads.do (and http://www.ibm.com/developerworks/java/library/j-aopwork10)
For authentication and authorization implemented using AspectJ, check out chapters from my book (free download): http://manning.com/books/laddad/chapters. Also take a look at table of content for a range of problems solved with AOP.

Indeed, nonintrusiveness is an important consideration in using AOP (in legacy code or otherwise). Relationship between AOP and metadata is pretty complex; it took me two full-lenght articles to discuss it:
Part 1 - Concepts and constructs of metadata-fortified AOP
Part 2 - Multidimensional interfaces with metadata