That being said, it's a new web framework, and the biggest issue right now is all the boring infrastructure that goes on top of it to make a framework deal with authentication, authorization, and even boring things like resetting a password.
On the Java side, Yvonnick Esnault has a good starter application (disclaimer; I contributed some code), or you can use Play Authenticate.
On the Scala side, play20-auth is a good starting point for an authentication system. However, it didn't do token based authentication, aka "Remember Me" cookies. Adding this feature turns out to be tricky if you're new to Scala, because extending the request pipeline in Play 2.0 Scala requires that you know a functional style of programming called "action composition".
So here's a boilerplate project play20-rememberme that does authentication with remember me functionality (although it doesn't have the password reset or confirm features added to Play20StartApp).
UPDATE: Now works with Play 2.1.