The first way is the more modern approach and that used today in new projects. The second way is the older traditional way, the result is the same. Both are done via reflection. As a matter of fact if your
java security policy allows (usually does) the setter is not even required to be there for the @Autowire to work. As Jeanne pointed out sometimes people will use it on constructors to enforce non-optional dependencies, although @Autowired fields are required unless explicitly marked as optional, so once again the result is largely the same. You can also annotate non-constructor/setter methods with @Autowired.
Spring is pretty good about handling cyclic dependencies to a degree but will throw an error if it can't resolve it. These error spell out the problem in a pretty detailed manner.