Your approach is all right; you are just missing a few small things.
If you want the default serialization to take place, you can overwrite the readResolve method as you would with the standard Java Serialization API (method private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException) and call in.defaultReadObject(); in that method.
Afterwards, you could call your validation methods, initialize transient fields, or do whatever you want after deserialization.
This is also explained in more detail on the XStream FAQ.
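The hook described in this answer, as an added example that is not part of the original answer or of XStream itself. It assumes XStream 1.4.x on the classpath and a Serializable class (XStream only honours readObject for classes that implement java.io.Serializable); the Account class, its fields and the tampered sample XML are constructed for the illustration.

```java
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.io.Serializable;

import com.thoughtworks.xstream.XStream;

// Added example: a Serializable class whose private readObject() lets XStream run the
// default field deserialization, then validates the result and rebuilds transient state.
public class ReadObjectHookDemo {

    public static class Account implements Serializable {
        private static final long serialVersionUID = 1L;

        private String owner;
        private int balance;
        // transient fields are never written, so they must be rebuilt after deserialization
        private transient StringBuilder auditLog;

        public Account(String owner, int balance) {
            this.owner = owner;
            this.balance = balance;
            this.auditLog = new StringBuilder();
        }

        // Standard Java Serialization hook; XStream's SerializableConverter calls it
        // and its ObjectInputStream.defaultReadObject() reads the <default> block of the XML.
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();            // default field-by-field deserialization
            if (owner == null || owner.isEmpty()) {
                throw new InvalidObjectException("owner must be set");
            }
            if (balance < 0) {
                throw new InvalidObjectException("balance must not be negative");
            }
            auditLog = new StringBuilder();    // re-initialize transient state
            auditLog.append("restored from XML");
        }

        public String getOwner() { return owner; }
        public int getBalance() { return balance; }
        public String getAuditLog() { return auditLog.toString(); }
    }

    public static void main(String[] args) {
        XStream xstream = new XStream();
        // XStream's security framework: allow only the types we expect to unmarshal.
        xstream.allowTypes(new Class[] { Account.class });

        String xml = xstream.toXML(new Account("alice", 100));
        System.out.println(xml);

        Account restored = (Account) xstream.fromXML(xml);
        System.out.println(restored.getOwner() + " " + restored.getBalance());
        System.out.println(restored.getAuditLog());

        // Constructed tampered input: the negative balance is rejected inside readObject()
        String tampered = xml.replace("<balance>100</balance>", "<balance>-5</balance>");
        try {
            xstream.fromXML(tampered);
            System.out.println("unexpected: tampered input accepted");
        } catch (Exception e) {
            System.out.println("rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

Because readObject is the place where the object first exists in memory, validation there runs before any caller can touch an inconsistent instance; the allowTypes whitelist is separate from that and restricts which classes XStream will instantiate at all, which is the part that matters when the XML comes from an untrusted source.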